- From: Mike West <mkwst@google.com>
- Date: Fri, 17 Nov 2017 11:56:33 +0100
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAKXHy=fWeM_eiS8u9zOmWCX52eeAFR-DZQf+T4mv2pH6p3ep5w@mail.gmail.com>
I apologize for my absence at the WG meeting this morning. I slept through my alarm for reasons that are entirely my own fault, and I'm sorry y'all wasted time waiting for me. The highlights of what I would have told y'all are more or less as follows: 1. The rate of `SameSite` adoption seems to be increasing (though still ~low). The attribute was used in ~0.012% of Chrome's cookie-setting operations in June to ~0.019% in the last month. It looks like Mozilla has landed some relevant infrastructure <https://bugzilla.mozilla.org/show_bug.cgi?id=1286858>, so maybe we'll see another implementation? That would be lovely. 2. `__Host-` prefix usage is relatively constant at ~0.004% of Chrome's cookie-setting operations. `__Secure-` prefix usage, on the other hand, jumped from statistical noise in June to 0.07% on Monday, then dropped back to statistical noise. Perhaps some higher-traffic site floated a trial balloon? I'm curious! 3. The tightened `secure` behaviors in Chrome and Firefox seem solidly shipped. I haven't seen any bug reports on the topic since the last IETF, and I don't anticipate rolling back the changes. I'm curious to hear from other implementers whether they intend to tighten their handling of the attribute as well. 4. I've not done much work on the document since the last meeting. The next steps from my perspective are to clean up the `SameSite` definition in the -01, to work through the ~6 open issues <https://github.com/httpwg/http-extensions/issues?q=is%3Aissue+is%3Aopen+label%3A6265bis>, and to migrate the test suite <https://github.com/abarth/http-state/tree/master/tests> to Web Platform Tests so we have continual integration, and to improve clarity around existing browser behavior. I intend to work on that a bit over the quiet holiday period. Thanks, and again, sorry I missed this morning. :/ -mike
Received on Friday, 17 November 2017 10:57:19 UTC