Re: [clear-site-data] header field syntax

On 2015-08-10 07:02, Mike West wrote:
> On Sun, Aug 9, 2015 at 9:31 PM, Julian Reschke <julian.reschke@gmx.de
> <mailto:julian.reschke@gmx.de>> wrote:
>
>     So yes, "Prefer" is a good example with just
>
>       word           = token / quoted-string
>
>     added.
>
>
> Hrm. I read Martin's email as saying that that he wouldn't use it as a
> model, even with that addition. :)

He might change his mind when he understands how the mistake in 7240 was 
introduced.

> For clarity, you'd suggest something like the following
>
>      header-field = "Clear-Site-Data" ":" 1#option-list
>      option-list = key-value *( OWS ";" [ OWS key-value ] )
>      key-value = token [ BWS "=" BWS word ]
>      word = token / quoted-string


I'd follow the httpbis definition model and only define the field 
*value* in the ABNF, and also keep the distinction between "option" and 
"parameter" in the names so it's easier to discuss in prose:

   Clear-Site-Data = 1#option
   option = key-value *( OWS ";" [ OWS parameter ] )
   key-value = token [ BWS "=" BWS word ]
   parameter = token [ BWS "=" BWS word ]
   word = token / quoted-string
 
> And then follow it up with processing instructions defining the expected
> keywords and their meanings, along with the expected behavior for
> unknown keywords? That seems reasonable to me, except that it removes

Exactly.

> the ability to use '*' to mean "clear everything". I suppose we can
> easily replace that with an "clear-everything-no-really-i-mean-it" keyword.

The string "*" is an allowed token; see 
<http://greenbytes.de/tech/webdav/rfc7230.html#rfc.iref.g.34>.

> (Note also that the link you were looking at is out of date; I need to
> redirect the version in my personal repo to
> https://w3c.github.io/webappsec/specs/clear-site-data/#header (sorry
> about that confusion)).
>
> -mike
>

Best regards, Julian

Received on Monday, 10 August 2015 06:41:10 UTC