- From: CVS User dsinger2 <cvsmail@w3.org>
- Date: Tue, 23 Apr 2013 10:06:45 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv16026
Modified Files:
tracking-dnt.html
Log Message:
tighten up the cookie-like domain matching for exceptions
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/23 09:26:43 1.204
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/23 10:06:45 1.205
@@ -1598,6 +1598,14 @@
database, then a DNT:0 header is sent, otherwise DNT:1 is
sent.</li>
</ul>
+ <p>A pair of duplets [A,B] and [X,Y] match if A matches X and B matches Y.
+ A pair of values A and X match if and only if one of the following
+ is true:<ul>
+ <li>either A or X is "*";</li>
+ <li>A and X are the same string;</li>
+ <li>A has the form '*.domain' and X is 'domain' or is of the
+ form 'string.domain', where 'string' is any sequence of characters.</li>
+ </ul>
<p>In addition, responses to the JavaScript API indicated should be consistent
with this user preference (see below).</p>
@@ -1756,8 +1764,10 @@
or <code>"com"</code>.
</p>
- <p>If the <code>domain</code> argument is not permitted by following the
- cookie domain rules (e.g. not a right-hand match or is a TLD) then
+ <p>If the document-origin would not be permitted to set a cookie on the
+ <code>domain</code> following the cookie domain rules [[!COOKIES]]
+ (e.g. <code>domain</code> is not a right-hand match or is a TLD)
+ then the duplet MUST not be entered into the database and
a SYNTAX_ERR exception should be thrown.
</p>
@@ -1777,9 +1787,6 @@
<p>
is added to the database of remembered grants.
</p>
- <p>Here <code>*.domain</code> indicates that a wildcard match will be performed
- against the domain suffix.
- </p>
<p>
A particular response to the API — like a DNT response
header — is only valid immediately, and users may choose to
Received on Tuesday, 23 April 2013 10:06:46 UTC