Re: [whatwg/fetch] Add support for compression dictionary transport (PR #1854) from Patrick Meenan on 2025-12-18 (public-webapps-github@w3.org from December 2025)

From: Patrick Meenan <notifications@github.com>
Date: Thu, 18 Dec 2025 07:13:52 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1854/review/3593521932@github.com>

@pmeenan commented on this pull request.



> + <li><p>If the user agent is configured to block cookies for <var>request</var>, then return the
+ result of running <a>HTTP-network fetch</a> given <var>fetchParams</var>,
+ <var>includeCredentials</var>, and <var>forceNewConnection</var>.

The `Use-As-Dictionary` response header can attach an arbitrary ID to arbitrary requests from the same origin (that match a given pattern) without having to access the underlying response. This allows non-executable responses to attach a tracking ID to an origin that behaves like a cookie without having to execute code (image-only origins for example).

To keep things consistent with dev expectations and CSP, the security and privacy teams requested that they also be treated as cookies and not be allowed in situations where cookies would not have been allowed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1854#discussion_r2631491172
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1854/review/3593521932@github.com>

Received on Thursday, 18 December 2025 15:13:56 UTC