Re: [w3ctag/design-reviews] Distributed Tracing WG: Baggage specification (#650)

> Can you clarify what a user-agent is meant to do on receiving this header, if anything?

For the baggage header, the user-agent will not do anything other than send the header. In version 1, there is no response header and we have no plans to introduce one in future versions at the moment.

> This issue came up during Chromium Security & Privacy review of this issue, and we were unclear whether the spec is meant to apply to browsers / user agents or not.

Other than sending the baggage header just like any other header, the user-agent has no responsibilities. It is conceivable that a user-agent would want to add baggage entries, but that is not part of the specification.

> The spec seems primarily concerned with "downstream services", but the last example in the explainer shows a web browser echoing a "W3C Trace ID" back to a server, which would make this functionality cookie-equivalent. However, the implications of being cookie-like (lifetime? origin bound? which permissions apply?) do not seem to be spelled out clearly.

The "W3C Trace ID" is part of the separate but related [W3C Trace Context](https://www.w3.org/TR/trace-context/) specification, which is not a part of the baggage specification that we are asking to be reviewed.


Received on Tuesday, 20 July 2021 17:17:59 UTC