W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

Re: [clear-site-data] header field syntax

From: Mike West <mkwst@google.com>
Date: Mon, 10 Aug 2015 07:02:56 +0200
Message-ID: <CAKXHy=friNx8HjBE4sbzTz4am3zixQXe8_p137uCWUbt8nT1tw@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Sun, Aug 9, 2015 at 9:31 PM, Julian Reschke <julian.reschke@gmx.de>
wrote:
>
> So yes, "Prefer" is a good example with just
>
>  word           = token / quoted-string
>
> added.
>

Hrm. I read Martin's email as saying that that he wouldn't use it as a
model, even with that addition. :)

For clarity, you'd suggest something like the following

    header-field = "Clear-Site-Data" ":" 1#option-list
    option-list = key-value *( OWS ";" [ OWS key-value ] )
    key-value = token [ BWS "=" BWS word ]
    word = token / quoted-string

And then follow it up with processing instructions defining the expected
keywords and their meanings, along with the expected behavior for unknown
keywords? That seems reasonable to me, except that it removes the ability
to use '*' to mean "clear everything". I suppose we can easily replace that
with an "clear-everything-no-really-i-mean-it" keyword.

(Note also that the link you were looking at is out of date; I need to
redirect the version in my personal repo to
https://w3c.github.io/webappsec/specs/clear-site-data/#header (sorry about
that confusion)).

-mike
Received on Monday, 10 August 2015 05:03:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC