Re: inconsistency in draft-ietf-httpbis-rfc6265bis-07 SameSite default treatment?

Thanks Lily, and sorry for the noise. I should have checked the editor's
draft before asking about it on list.

On Fri, May 21, 2021 at 3:29 PM Lily Chen <chlily@google.com> wrote:

> Following up on this, it looks like it was already removed
> <https://github.com/httpwg/http-extensions/commit/c467bb923e727f7b03e5a7b6430c5fc91445aa1d#diff-c96f4fab694f25d91c3ae6f4cd68ae735dbcb33dcbb2f4b79a13675b293caa7b>
> (thanks Filippo!) and will be reflected in the -08 version of the draft.
>
> On Fri, May 7, 2021 at 5:21 PM Lily Chen <chlily@google.com> wrote:
>
>> Thanks for pointing that out! You're correct, the note should have been
>> removed or updated. I'll fix that!
>>
>> On Fri, May 7, 2021 at 3:26 PM Brian Campbell <bcampbell@pingidentity.com>
>> wrote:
>>
>>> Looking at parts of draft-ietf-httpbis-rfc6265bis-07 today I noticed
>>> what is maybe a little inconsistency around the treatment of the default
>>> for SameSite.
>>>
>>>
>>> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#section-4.1.2.7
>>> has:
>>> 'If the "SameSite" attribute's value is something other than these three
>>> known keywords, the attribute's value will be subject to a default
>>> enforcement mode that is equivalent to "Lax".'
>>> and parts of
>>> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#section-5.5
>>> and
>>> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#name-draft-ietf-httpbis-rfc6265bis-07
>>> also suggest Lax as the default. As does (relatively recent) current
>>> behaviour from most/all browsers.
>>>
>>> but
>>> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-07.html#section-5.3.7
>>> ends with this sentence that looks like it's maybe left over from when the
>>> default enforcement mode was "None":
>>> 'Note: This algorithm maps the "None" value, as well as any unknown
>>> value, to the "None" behavior, which is helpful for backwards compatibility
>>> when introducing new variants.'
>>>
>>>
>>>
>>>
>>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>>> privileged material for the sole use of the intended recipient(s). Any
>>> review, use, distribution or disclosure by others is strictly prohibited.
>>> If you have received this communication in error, please notify the sender
>>> immediately by e-mail and delete the message and any file attachments from
>>> your computer. Thank you.*
>>
>>


Received on Tuesday, 25 May 2021 14:14:37 UTC
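
The two readings quoted in the thread, side by side, as an added example that is not part of the thread or the draft: an unknown SameSite value mapped to "Lax" (section 4.1.2.7) versus "None" (the leftover note in 5.3.7). Function names and sample headers are constructed; the cross-site delivery rule is a simplified model, and treating an absent attribute like an unknown value is an assumption.

```javascript
// Added example: hypothetical helper names, constructed sample headers.
const KNOWN = new Map([["strict", "Strict"], ["lax", "Lax"], ["none", "None"]]);
const SAFE_METHODS = ["GET", "HEAD", "OPTIONS", "TRACE"];

// Raw SameSite attribute-value from a Set-Cookie header, or null if absent.
// If the attribute is repeated, the last occurrence is kept.
function sameSiteValue(setCookie) {
  let value = null;
  for (const av of setCookie.split(";").slice(1)) {
    const [name, ...rest] = av.split("=");
    if (name.trim().toLowerCase() === "samesite") value = rest.join("=").trim();
  }
  return value;
}

// Enforcement mode for a raw value. The three known keywords match
// case-insensitively; anything else (or no attribute) becomes unknownAs.
function enforcement(raw, unknownAs) {
  const known = raw === null ? undefined : KNOWN.get(raw.toLowerCase());
  return known ?? unknownAs;
}

// Simplified model: is the cookie attached to a cross-site request?
function sentCrossSite(mode, req) {
  if (mode === "None") return true;
  if (mode === "Strict") return false;
  // Lax: only top-level navigations that use a safe method.
  return req.topLevelNavigation && SAFE_METHODS.includes(req.method);
}

// Evaluate one header under both readings for the same request.
function compare(setCookie, req) {
  const raw = sameSiteValue(setCookie);
  return {
    raw,
    unknownAsLax: sentCrossSite(enforcement(raw, "Lax"), req),   // section 4.1.2.7
    unknownAsNone: sentCrossSite(enforcement(raw, "None"), req), // leftover note
  };
}

const crossSitePost = { method: "POST", topLevelNavigation: true }; // constructed
const samples = [ // constructed Set-Cookie values
  "sid=abc; Path=/; SameSite=Strict",
  "sid=abc; SameSite=lax",
  "sid=abc; Secure; SameSite=None",
  "sid=abc; SameSite=Relaxed", // not a known keyword
  "sid=abc; Path=/",           // no SameSite attribute
];
for (const s of samples) console.log(s, compare(s, crossSitePost));
```

Only the last two samples differ between the readings: under the "None" mapping a cookie with a mistyped or missing SameSite value would still accompany a cross-site POST.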