
Re: [clear-site-data] header field syntax

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 10 Aug 2015 08:40:39 +0200
To: Mike West <mkwst@google.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <55C84767.5010800@gmx.de>

On 2015-08-10 07:02, Mike West wrote:
> On Sun, Aug 9, 2015 at 9:31 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
>
>     So yes, "Prefer" is a good example with just
>
>       word           = token / quoted-string
>
>     added.
>
>
> Hrm. I read Martin's email as saying that he wouldn't use it as a
> model, even with that addition. :)

He might change his mind when he understands how the mistake in 7240 was 
introduced.

> For clarity, you'd suggest something like the following
>
>      header-field = "Clear-Site-Data" ":" 1#option-list
>      option-list = key-value *( OWS ";" [ OWS key-value ] )
>      key-value = token [ BWS "=" BWS word ]
>      word = token / quoted-string


I'd follow the httpbis definition model and only define the field 
*value* in the ABNF, and also keep the distinction between "option" and 
"parameter" in the names so it's easier to discuss in prose:

   Clear-Site-Data = 1#option
   option = key-value *( OWS ";" [ OWS parameter ] )
   key-value = token [ BWS "=" BWS word ]
   parameter = token [ BWS "=" BWS word ]
   word = token / quoted-string
	
> And then follow it up with processing instructions defining the expected
> keywords and their meanings, along with the expected behavior for
> unknown keywords? That seems reasonable to me, except that it removes

Exactly.

> the ability to use '*' to mean "clear everything". I suppose we can
> easily replace that with a "clear-everything-no-really-i-mean-it" keyword.

The string "*" is an allowed token; see 
<http://greenbytes.de/tech/webdav/rfc7230.html#rfc.iref.g.34>.

> (Note also that the link you were looking at is out of date; I need to
> redirect the version in my personal repo to
> https://w3c.github.io/webappsec/specs/clear-site-data/#header (sorry
> about that confusion)).
>
> -mike
>

Best regards, Julian
Received on Monday, 10 August 2015 06:41:10 UTC
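
Added example (not part of the original message or of the spec draft): a Python parser for the field-value ABNF proposed above, using the RFC 7230 definitions of token and quoted-string. It shows that "*" parses as a token and that a comma inside a quoted-string does not split the list. The keyword names in `SAMPLE` are constructed, and only the sender form of the `#` list rule is accepted (empty list elements are rejected).

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 token; "*" is a tchar
QUOTED = re.compile(r'"((?:[\t !#-\[\]-~\x80-\xff]|\\[\t -~\x80-\xff])*)"')
OWS = re.compile(r"[ \t]*")
SAMPLE = 'cookies; domains="a.example, b.example", cache'  # constructed input

class ParseError(ValueError):
    """Field value does not match the grammar."""

def _ows(s, i):
    return OWS.match(s, i).end()  # skip optional whitespace (OWS / BWS)

def _pair(s, i):
    """key-value / parameter = token [ BWS "=" BWS word ] -> (name, value, next)."""
    m = TOKEN.match(s, i)
    if not m:
        raise ParseError(f"token expected at offset {i}")
    name, i = m.group(), m.end()
    j = _ows(s, i)
    if j >= len(s) or s[j] != "=":
        return name, None, i
    j = _ows(s, j + 1)
    m = QUOTED.match(s, j) or TOKEN.match(s, j)  # word = token / quoted-string
    if not m:
        raise ParseError(f"word expected at offset {j}")
    value = re.sub(r"\\(.)", r"\1", m.group(1)) if m.re is QUOTED else m.group()
    return name, value, m.end()

def parse_clear_site_data(value):
    """Clear-Site-Data = 1#option -> [(key, value, {parameter: value}), ...]."""
    options, i = [], _ows(value, 0)
    while True:
        key, val, i = _pair(value, i)
        params = {}
        while True:  # *( OWS ";" [ OWS parameter ] )
            j = _ows(value, i)
            if j >= len(value) or value[j] != ";":
                break
            i = _ows(value, j + 1)
            if TOKEN.match(value, i):  # the parameter after ";" is optional
                name, pval, i = _pair(value, i)
                params[name] = pval
        options.append((key, val, params))
        i = _ows(value, i)
        if i == len(value):
            return options
        if value[i] != ",":
            raise ParseError(f"',' expected at offset {i}")
        i = _ows(value, i + 1)
```

`parse_clear_site_data(SAMPLE)` returns two options, whereas splitting the same value on "," would produce three fragments and cut the quoted-string in half.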

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC