- From: Kazuho Oku <kazuhooku@gmail.com>
- Date: Sat, 18 Mar 2017 21:48:33 +0900
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Willy Tarreau <w@1wt.eu>, Vasiliy Faronov <vfaronov@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
2017-03-17 9:35 GMT+09:00 Mark Nottingham <mnot@mnot.net>: > >> On 17 Mar 2017, at 12:55 am, Kazuho Oku <kazuhooku@gmail.com> wrote: >> >> While I would not say that RFC 6265 and Early Hints would contradict, >> I still think that the requirement of how a Set-Cookie header _can_ be >> handled is narrowed by Early Hints. Consider the response below. >> >> HTTP/1.1 103 Early Hints >> Set-Cookie: a=b >> >> HTTP/1.1 200 OK >> Content-Type: text/plain; charset=utf-8 >> Content-Length: 12 >> >> Hello world >> >> RFC 6265 allows the client to store cookie `a` by stating that a >> client MAY accept a Set-Cookie header within any 100-level response. > > Just a note -- one of the possible outcomes is that we decide that's a bug in 6265. Do we have any data on clients with cookie jars that actually do this? Thank you for the suggestion. I'd prefer RFC 6265 defining the behavior for all of the 100-level response be considered as a bug. I do not see why the definition needs to be different from that of RFC 7231 section 6.2; quote: "A user agent MAY ignore unexpected 1xx responses." OTOH, please let me note that even if we consider that RFC 6265 should be corrected to align with the definition found in RFC 7231, the discussion of if we should recognize the headers of an 103 response as belonging to the response itself remains. > Cheers, > > > -- > Mark Nottingham https://www.mnot.net/ > -- Kazuho Oku
Received on Saturday, 18 March 2017 12:49:06 UTC