- From: Kari hurtta <hurtta-ietf@elmme-mailer.org>
- Date: Wed, 12 Oct 2016 11:41:46 +0300 (EEST)
- To: Mike West <mkwst@google.com>
- CC: Kari hurtta <hurtta-ietf@elmme-mailer.org>, HTTP working group mailing list <ietf-http-wg@w3.org>
> I'm sure we'll find more formatting issues over the next week or so that > arose from the port from the flat text file to Markdown, so I'll hold off > on publishing a -01 draft until those shake out. Small note about spacing on lists. 5.2. The Set-Cookie Header https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-00#section-5.2 | 1. If the set-cookie-string contains a %x3B (";") character: | | 1. The name-value-pair string consists of the characters up to, | but not including, the first %x3B (";"), and the unparsed- | attributes consist of the remainder of the set-cookie-string | (including the %x3B (";") in question). | | Otherwise: | | 1. The name-value-pair string consists of all the characters | contained in the set-cookie-string, and the unparsed- | attributes is the empty string. | 2. If the name-value-pair string lacks a %x3D ("=") character, | ignore the set-cookie-string entirely. Formatting: Because there is empty line on beginning of sublist, this may be more readable, if there is also empty line on end of sublist. ( Somewhat numbered sublists, where is only one item, are odd. ) Here also (on first it is not sublist, but "Let the cookie-av string be the characters consumed in this step." does not visually go togetger with "3." tiem). | 3. If the remaining unparsed-attributes contains a %x3B (";") | character: | | 1. Consume the characters of the unparsed-attributes up to, but | not including, the first %x3B (";") character. | | Otherwise: | | 1. Consume the remainder of the unparsed-attributes. | | Let the cookie-av string be the characters consumed in this step. | 4. If the cookie-av string contains a %x3D ("=") character: | | 1. The (possibly empty) attribute-name string consists of the | characters up to, but not including, the first %x3D ("=") | character, and the (possibly empty) attribute-value string | consists of the characters after the first %x3D ("=") | character. | | Otherwise: | | 1. The attribute-name string consists of the entire cookie-av | string, and the attribute-value string is empty. | 5. Remove any leading or trailing WSP characters from the attribute- | name string and the attribute-value string. 5.2.3. The Domain Attribute https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-00#section-5.2.3 | 2. If the first character of the attribute-value string is %x2E | ("."): | | 1. Let cookie-domain be the attribute-value without the leading | %x2E (".") character. | | Otherwise: | | 1. Let cookie-domain be the entire attribute-value. | 3. Convert the cookie-domain to lower case. In other words if there is empy lines inside of item, there should be also on end of item. Otherwise grouping look strange. Perhaps this is idiosyncrasy of tools? Perhaps there should be empty line between all list items if there is at least one empty line inside of some list item? 5.2.4. The Path Attribute https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-00#section-5.2.3 | 1. If the attribute-value is empty or if the first character of the | attribute-value is not %x2F ("/"): | | 1. Let cookie-path be the default-path. | | Otherwise: | | 1. Let cookie-path be the attribute-value. | 2. Append an attribute to the cookie-attribute-list with an | attribute-name of Path and an attribute-value of cookie-path. https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-00#section-5.3 5.3. Storage Model | 1. Set the cookie's persistent-flag to false. | 2. Set the cookie's expiry-time to the latest representable | date. | 4. If the cookie-attribute-list contains an attribute with an | attribute-name iof "Domain": and | 1. Let the domain-attribute be the empty string. | 5. If the user agent is configured to reject "public suffixes" and | the domain-attribute is a public suffix: and | NOTE: A "public suffix" is a domain that is controlled by a | public registry, such as "com", "co.uk", and "pvt.k12.wy.us". | This step is essential for preventing attacker.com from | disrupting the integrity of example.com by setting a cookie with | a Domain attribute of "com". Unfortunately, the set of public | suffixes (also known as "registry controlled domains") changes | over time. If feasible, user agents SHOULD use an up-to-date | public suffix list, such as the one maintained by the Mozilla | project at http://publicsuffix.org/ . | 6. If the domain-attribute is non-empty: and | 1. Set the cookie's host-only-flag to true. | 2. Set the cookie's domain to the canonicalized request-host. | 7. If the cookie-attribute-list contains an attribute with an and so on
Received on Wednesday, 12 October 2016 08:42:18 UTC