Yoav, Stupid question - where is the Git repo? On Mon, Feb 24, 2025 at 9:57 AM Yoav Weiss <yoav.weiss@shopify.com> wrote: > > > On Mon, Feb 24, 2025 at 6:02 PM Rory Hewitt <rory.hewitt@gmail.com> wrote: > >> Quick nit: >> >> Section 2.1.2 is called "The "__HttpOnlyHost-" prefix" but the text >> begins "If a cookie's name begins with a case-sensitive match for the >> string __HttpOnly-, then [...]". >> > > Oops!! > >> >> Do you want nits and other stuff in the Git repo or via this email DL? >> > > Issues on the repo would be best. > > >> >> On Mon, Feb 24, 2025 at 3:01 AM Yoav Weiss <yoav.weiss@shopify.com> >> wrote: >> >>> >>> >>> On Mon, Feb 24, 2025 at 11:36 AM Yoav Weiss <yoav.weiss@shopify.com> >>> wrote: >>> >>>> Oh yeah! I'd need to also add steps to >>>> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-19.html#section-5.7 >>>> to impact the consumer processing models. >>>> >>> >>> Took a stab at that: >>> https://yoavweiss.github.io/httponly_prefix/draft-httponlyprefix-weiss-http.html#name-storage-model >>> >>> Feedback appreciated! :) >>> >>> >>>> >>>> On Mon, Feb 24, 2025 at 11:26 AM Anne van Kesteren <annevk@annevk.nl> >>>> wrote: >>>> >>>>> On Mon, Feb 24, 2025 at 11:05 AM Yoav Weiss <yoav.weiss@shopify.com> >>>>> wrote: >>>>> > I've put together an I-D to propose this more officially. I'd love >>>>> feedback on it. >>>>> >>>>> This only covers requirements for producers. Consumers will have to >>>>> perform ASCII case-insensitive matching, for instance. >>>>> >>>> >> >> -- >> Rory Hewitt >> >> https://www.linkedin.com/in/roryhewitt >> > -- Rory Hewitt https://www.linkedin.com/in/roryhewitt
Received on Monday, 24 February 2025 20:16:53 UTC