- From: Jeffrey Yasskin <notifications@github.com>
- Date: Tue, 17 Dec 2024 16:02:03 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 18 December 2024 00:02:07 UTC
Thanks for sending this to us. We think the use case looks reasonable, but we'd like to make sure that the relevant working groups get a chance to check that the behavior is right and that this doesn't add too much complexity to spec and other-engine infrastructure. In particular, it looks like it might be tricky to save the site so it's reliably only used for including these particular cookies in requests. Please drive w3c/webappsec-csp#664 to a conclusion, and work on a PR for the appropriate sections of HTML. We are reminded again that cookies are now at the point that you need a doctorate in that domain to make any sense of them. The combination with the [iframe sandbox attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox) really takes it to the next level in terms of web developer hostility. That's not your fault, but we think that this area of the platform is well overdue for a serious rethink. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1004#issuecomment-2549937969 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1004/2549937969@github.com>
Received on Wednesday, 18 December 2024 00:02:07 UTC