Re: _HttpOnly cookie prefix?

Apologies!! The repo is at https://github.com/yoavweiss/httponly_prefix

On Mon, Feb 24, 2025 at 9:16 PM Rory Hewitt <rory.hewitt@gmail.com> wrote:

> Yoav,
>
> Stupid question - where is the Git repo?
>
> On Mon, Feb 24, 2025 at 9:57 AM Yoav Weiss <yoav.weiss@shopify.com> wrote:
>
>>
>>
>> On Mon, Feb 24, 2025 at 6:02 PM Rory Hewitt <rory.hewitt@gmail.com>
>> wrote:
>>
>>> Quick nit:
>>>
>>> Section 2.1.2 is called "The "__HttpOnlyHost-" prefix" but the text
>>> begins "If a cookie's name begins with a case-sensitive match for the
>>> string __HttpOnly-, then [...]".
>>>
>>
>> Oops!!
>>
>>>
>>> Do you want nits and other stuff in the Git repo or via this email DL?
>>>
>>
>> Issues on the repo would be best.
>>
>>
>>>
>>> On Mon, Feb 24, 2025 at 3:01 AM Yoav Weiss <yoav.weiss@shopify.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Mon, Feb 24, 2025 at 11:36 AM Yoav Weiss <yoav.weiss@shopify.com>
>>>> wrote:
>>>>
>>>>> Oh yeah! I'd need to also add steps to
>>>>> https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-19.html#section-5.7
>>>>> to impact the consumer processing models.
>>>>>
>>>>
>>>> Took a stab at that:
>>>> https://yoavweiss.github.io/httponly_prefix/draft-httponlyprefix-weiss-http.html#name-storage-model
>>>>
>>>> Feedback appreciated! :)
>>>>
>>>>
>>>>>
>>>>> On Mon, Feb 24, 2025 at 11:26 AM Anne van Kesteren <annevk@annevk.nl>
>>>>> wrote:
>>>>>
>>>>>> On Mon, Feb 24, 2025 at 11:05 AM Yoav Weiss <yoav.weiss@shopify.com>
>>>>>> wrote:
>>>>>> > I've put together an I-D to propose this more officially. I'd love feedback on it.
>>>>>>
>>>>>> This only covers requirements for producers. Consumers will have to
>>>>>> perform ASCII case-insensitive matching, for instance.
>>>>>>
>>>>>
>>>
>>> --
>>> Rory Hewitt
>>>
>>> https://www.linkedin.com/in/roryhewitt
>>>
>>
>
> --
> Rory Hewitt
>
> https://www.linkedin.com/in/roryhewitt
>

Received on Monday, 24 February 2025 20:19:53 UTC