- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 03 Sep 2009 12:12:56 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv27802 Modified Files: Overview.html Log Message: Integrate with draft-abarth-cookie-03. (whatwg r3740) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.2913 retrieving revision 1.2914 diff -u -d -r1.2913 -r1.2914 --- Overview.html 3 Sep 2009 11:56:34 -0000 1.2913 +++ Overview.html 3 Sep 2009 12:12:52 -0000 1.2914 @@ -4502,7 +4502,7 @@ <li><p>Take ownership of the <a href="#storage-mutex">storage mutex</a>.</li> - <li><p>Update the cookies. <a href="#refsRFC2109">[RFC2109]</a> <a href="#refsCOOKIES">[COOKIES]</a></li> + <li><p>Update the cookies. <a href="#refsCOOKIES">[COOKIES]</a></li> <li><p>Release the <a href="#storage-mutex">storage mutex</a> so that it is once again free.</li> @@ -6176,12 +6176,9 @@ <code><a href="#security_err">SECURITY_ERR</a></code> exception. Otherwise, if <a href="#the-document-s-address">the document's address</a> does not use a server-based naming authority, it must return the empty string. Otherwise, it must first - <a href="#obtain-the-storage-mutex">obtain the storage mutex</a> and then return the same - string as the value of the <code title="">Cookie</code> HTTP header - it would include if <a href="#fetch" title="fetch">fetching</a> the resource - indicated by <a href="#the-document-s-address">the document's address</a> over HTTP, as per - RFC 2109 section 4.3.4 or later specifications, excluding HTTP-only - cookies. <a href="#refsRFC2109">[RFC2109]</a> <a href="#refsCOOKIES">[COOKIES]</a></p> + <a href="#obtain-the-storage-mutex">obtain the storage mutex</a> and then return the + cookie-string for <a href="#the-document-s-address">the document's address</a> for a + "non-HTTP" API. <a href="#refsCOOKIES">[COOKIES]</a></p> <p>On setting, if the document is not associated with a <a href="#browsing-context">browsing context</a> then the user agent must raise an @@ -6193,18 +6190,9 @@ document's address</a> does not use a server-based naming authority, it must do nothing. Otherwise, the user agent must <a href="#obtain-the-storage-mutex">obtain the storage mutex</a> and then act as it would when - processing cookies if it had just attempted to <a href="#fetch">fetch</a> - <a href="#the-document-s-address">the document's address</a> over HTTP, and had received a - response with a <code>Set-Cookie</code> header whose value was the - specified value, as per RFC 2109 sections 4.3.1, 4.3.2, and 4.3.3 or - later specifications, but without overwriting the values of - HTTP-only cookies. <a href="#refsRFC2109">[RFC2109]</a> <a href="#refsCOOKIES">[COOKIES]</a></p> - - <p class="note">This specification does not define what makes an - HTTP-only cookie, and at the time of publication the editor is not - aware of any reference for HTTP-only cookies. They are a feature - supported by some Web browsers wherein an "<code title="">httponly</code>" parameter added to the cookie string - causes the cookie to be hidden from script.</p> + <span title="receives a set-cookie-string">receiving a + set-cookie-string</span> for <a href="#the-document-s-address">the document's address</a> via + a "non-HTTP" API, consisting of the new value. <a href="#refsCOOKIES">[COOKIES]</a></p> <p class="note">Since the <code title="dom-document-cookie"><a href="#dom-document-cookie">cookie</a></code> attribute is accessible across frames, the path restrictions on cookies are only a tool to @@ -48678,7 +48666,7 @@ the HTTP headers (including, in particular, redirects and HTTP cookie headers), but must ignore any entity bodies returned in the responses. User agents may close the connection prematurely once - they start receiving an entity body. <a href="#refsRFC2109">[RFC2109]</a> <a href="#refsCOOKIES">[COOKIES]</a></p> + they start receiving an entity body. <a href="#refsCOOKIES">[COOKIES]</a></p> <p>For URLs that are not HTTP URLs, the requests must be performed by <a href="#fetch" title="fetch">fetching</a> the specified URL normally, @@ -67714,10 +67702,6 @@ N. Borenstein. IETF, November 1996.</dd> <!-- for text/plain and "Internet Media type"; not for definition of "valid MIME type". --> - <dt id="refsRFC2109">[RFC2109]</dt> - <dd><cite><a href="http://www.ietf.org/rfc/rfc2109.txt">HTTP State Management - Mechanism</a></cite>, D. Kristol, L. Montulli. IETF, February 1997.</dd> - <dt id="refsRFC2119">[RFC2119]</dt> <dd><cite><a href="http://www.ietf.org/rfc/rfc2119.txt">Key words for use in RFCs to Indicate Requirement Levels</a></cite>, S. Bradner. IETF, March
Received on Thursday, 3 September 2009 12:13:06 UTC