- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 22 Jun 2016 16:36:15 +1000
- To: Matthew Cox <macox@microsoft.com>
- Cc: Mike West <mkwst@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
I think we can treat this as the other specific issue found, and discuss it as part of the "core" draft, rather than requiring a seperate I-D. Cheers, > On 22 Jun 2016, at 2:19 AM, Matthew Cox <macox@microsoft.com> wrote: > > Thanks Mike! > > I have already filed an issue: https://github.com/httpwg/http-extensions/issues/199. > > Please let me know if something else needs to be done to get this updated. > > Thanks, > > Matthew > > From: Mike West [mailto:mkwst@google.com] > Sent: Tuesday, June 21, 2016 5:42 AM > To: Matthew Cox <macox@microsoft.com>; Mark Nottingham <mnot@mnot.net> > Cc: ietf-http-wg@w3.org > Subject: Re: RFC6265 - Difference between RFC and implementation with regards to host-only-flag > > On Fri, Jun 3, 2016 at 6:31 PM, Matthew Cox <macox@microsoft.com> wrote: > We noticed that the host-only-flag behavior is different in most browsers vs the RFC, and I’d like to get this updated with new work being done on the cookie RFC. > > > > Given these two headers in a response from a request to http://contoso.com/: > > > > Set-Cookie: mycookie=nothostonly; domain=contoso.com > > Set-Cookie: mycookie=hostonly > > > > You would expect one cookie based on RFC 6265 section 5.3 where the cookie is defined by the name, domain, and path. > > > > However, most browsers will create two cookies since they take host-only-flag into account when looking up/creating a cookie. > > > > Based on this I’d like to update section 5.3 and 4.1.2 to add host-only-flag to the list of properties that make a unique cookie in the store. > > > This seems like a reasonable change to me, and I believe it matches Chrome's existing behavior. > > What’s the best way to get this added? Should I create an issue in GitHub? > > > I'd say file an issue against https://github.com/httpwg/http-extensions/issues; not sure if this is a substantial enough change to require more than that. Mark? > > -mike > > -mike > > On Fri, Jun 3, 2016 at 6:31 PM, Matthew Cox <macox@microsoft.com> wrote: > We noticed that the host-only-flag behavior is different in most browsers vs the RFC, and I’d like to get this updated with new work being done on the cookie RFC. > > Given these two headers in a response from a request to http://contoso.com/: > > Set-Cookie: mycookie=nothostonly; domain=contoso.com > Set-Cookie: mycookie=hostonly > > You would expect one cookie based on RFC 6265 section 5.3 where the cookie is defined by the name, domain, and path. > > However, most browsers will create two cookies since they take host-only-flag into account when looking up/creating a cookie. > > Based on this I’d like to update section 5.3 and 4.1.2 to add host-only-flag to the list of properties that make a unique cookie in the store. > > What’s the best way to get this added? Should I create an issue in GitHub? > > Thanks, > > Matthew -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 22 June 2016 06:36:44 UTC