[Bug 26409] New: Differences between cookie prose and RFC 6265 from bugzilla@jessica.w3.org on 2014-07-22 (public-browser-tools-testing@w3.org from July to September 2014)

From: <bugzilla@jessica.w3.org>
Date: Tue, 22 Jul 2014 19:26:01 +0000
To: public-browser-tools-testing@w3.org
Message-ID: <bug-26409-5015@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26409

            Bug ID: 26409
           Summary: Differences between cookie prose and RFC 6265
           Product: Browser Test/Tools WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebDriver
          Assignee: public-browser-tools-testing@w3.org
          Reporter: botalov.andrey@gmail.com
        QA Contact: public-browser-tools-testing@w3.org
                CC: mike@w3.org
            Blocks: 20860

1. Domain

Documentation of Cookie dictionary contains:
"This should be set or must be the null value if unknown."

Section 5.3.4 of RFC contains:
"Otherwise: Let the domain-attribute be the empty string."

So it's not clear if it should be null or empty string

2. Path

Documentation of Cookie dictionary contains:
"This should be set or must be the null value if unknown."

Section 5.3.4 of RFC contains:
"Otherwise, set the cookie's path to the default-path of the request-uri."

Section 5.2.4 of RFC contains:
"If the attribute-value is empty or if the first character of the
attribute-value is not %x2F ("/"): Let cookie-path be the default-path."

So it's not clear if it should be null or default-path computed using the
algorithm from 5.1.4

3. Expiry

Documentation of Cookie dictionary contains:
"This should be set or must be null if unknown."

Section 5.3.3 of RFC contains an algorithm that always sets expiry to some
value.

4. Secure/httpOnly

Documentation of Cookie dictionary contains (for both secure and httponly):
"If this attribute is missing, the local ends must interpret this as being
false."

Also section 5.3.8 and 5.3.9 contain:
"Otherwise, set the cookie's secure-only-flag to false."
"Otherwise, set the cookie's http-only-flag to false."

It makes sense only for getCookie endpoint.

Suggestion (for items above): Phrases like "This should be set or must be null
if unknown." in cookie dictionary prose make sense only for getCookie. So if
they are needed they should be moved there and also they should probably
correspond to definitions of RFC (i.e. if RFC tells that default-path should be
returned, then returning null is quiet strange).



5. Prose of addCookie contains:
"If there is an error during this step return a unable to set cookie error."

But actually section 5.3 of RFC doesn't even contain a word "error".

Suggestion: Transform this sentence to something like:
"If the cookie wasn't set (i.e. ignored) by this step return a unable to set
cookie error."

IMHO it would be better as algorithm contains "ignore" several times.



Note: I haven't read RFC 6265 fully, only a few parts of it.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 22 July 2014 19:26:02 UTC