Re: [w3ctag/design-reviews] HTTP State Tokens (#297)

This is a great idea, and I agree the short duration default of 1 hour is in the right ballpark.

One thing to consider: text that the user agent SHOULD alert the user when the response header calls for a longer duration, or raises scope from same-origin. This could be a prompt as in ITP or some kind of visible indication in the chrome, and the user should be able to interact with it to deny or restrict the change.

MikeO

From: Mike West <notifications@github.com> 
Sent: 08 April 2019 13:36
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: michael-oneill <michael.oneill@baycloud.com>; Comment <comment@noreply.github.com>
Subject: Re: [w3ctag/design-reviews] HTTP State Tokens (#297)

Y'all might be interested in skimming through https://speakerdeck.com/mikewest/cookies-are-bad-at-http-workshop-2019, which walks through the proposal at a very high level. The spec linked above should be detailed enough to pick at, but the high-level direction is what I'm most interested in at this point.


Received on Tuesday, 9 April 2019 00:06:44 UTC