Re: [whatwg/fetch] Integrate with new draft cookie spec (draft-annevk-johannhof-httpbis-cookies/00+ε) (PR #1807) from Anne van Kesteren on 2025-04-15 (public-webapps-github@w3.org from April 2025)

From: Anne van Kesteren <notifications@github.com>
Date: Tue, 15 Apr 2025 05:07:28 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1807/review/2767997754@github.com>

@annevk commented on this pull request.



> +given a <a for=/>request</a> <var>request</var>, run these steps:
+
+<ol>
+  <li><p>If the user-agent is configured to disable cookies for <var>request</var>, it should
+  return.
+
+  <li><p>Let |sameSite| be the result of [=determining the same-site mode=] for <var>request</var>.
+
+  <li><p>Let |isSecure| be false.
+
+  <li><p>If <var>request</var>'s <a for=request>client</a> is a <a>secure context</a>, then set
+  |isSecure| to true.
+
+  <li><p>Let |httpOnlyAllowed| be true.
+
+  <p class=note>Fetch implies that the request is http-only, as opposed to document.cookie

I think I see what you're going for now. Maybe:

> True follows from this being invoked from fetch, as opposed to the document.cookie getter steps for instance.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1807#discussion_r2044373701
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1807/review/2767997754@github.com>

Received on Tuesday, 15 April 2025 12:07:32 UTC