- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 17 Mar 2017 11:35:29 +1100
- To: Kazuho Oku <kazuhooku@gmail.com>
- Cc: Willy Tarreau <w@1wt.eu>, Vasiliy Faronov <vfaronov@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On 17 Mar 2017, at 12:55 am, Kazuho Oku <kazuhooku@gmail.com> wrote: > > While I would not say that RFC 6265 and Early Hints would contradict, > I still think that the requirement of how a Set-Cookie header _can_ be > handled is narrowed by Early Hints. Consider the response below. > > HTTP/1.1 103 Early Hints > Set-Cookie: a=b > > HTTP/1.1 200 OK > Content-Type: text/plain; charset=utf-8 > Content-Length: 12 > > Hello world > > RFC 6265 allows the client to store cookie `a` by stating that a > client MAY accept a Set-Cookie header within any 100-level response. Just a note -- one of the possible outcomes is that we decide that's a bug in 6265. Do we have any data on clients with cookie jars that actually do this? Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Friday, 17 March 2017 00:36:01 UTC