Re: [clear-site-data] header field syntax from Mike West on 2015-08-10 (public-webappsec@w3.org from August 2015)

From: Mike West <mkwst@google.com>
Date: Mon, 10 Aug 2015 07:02:56 +0200
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=friNx8HjBE4sbzTz4am3zixQXe8_p137uCWUbt8nT1tw@mail.gmail.com>

On Sun, Aug 9, 2015 at 9:31 PM, Julian Reschke <julian.reschke@gmx.de>
wrote:
>
> So yes, "Prefer" is a good example with just
>
>  word           = token / quoted-string
>
> added.
>

Hrm. I read Martin's email as saying that that he wouldn't use it as a
model, even with that addition. :)

For clarity, you'd suggest something like the following

    header-field = "Clear-Site-Data" ":" 1#option-list
    option-list = key-value *( OWS ";" [ OWS key-value ] )
    key-value = token [ BWS "=" BWS word ]
    word = token / quoted-string

And then follow it up with processing instructions defining the expected
keywords and their meanings, along with the expected behavior for unknown
keywords? That seems reasonable to me, except that it removes the ability
to use '*' to mean "clear everything". I suppose we can easily replace that
with an "clear-everything-no-really-i-mean-it" keyword.

(Note also that the link you were looking at is out of date; I need to
redirect the version in my personal repo to
https://w3c.github.io/webappsec/specs/clear-site-data/#header (sorry about
that confusion)).

-mike

Received on Monday, 10 August 2015 05:03:45 UTC