W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

Re: [clear-site-data] header field syntax

From: Mike West <mkwst@google.com>
Date: Wed, 12 Aug 2015 10:11:37 +0200
Message-ID: <CAKXHy=eap=M7sL0eToWmRn+yWXOLWV8QsyDnpn9=0+Aiopdg+Q@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Martin Thomson <martin.thomson@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Aug 12, 2015 at 9:54 AM, Julian Reschke <julian.reschke@gmx.de>
wrote:

> Recombination is governed by the HTTP spec, not an individual header field
> definition.
>
> So any software component is allowed to change
>
> > Clear-Site-Data: *
> > Clear-Site-Data: includeSubdomains
>
> to
>
> > Clear-Site-Data: *, includeSubdomains
>
> ...and a header field definition needs to handle that case.
>

Yes. Of course. My point is that our definition might need to treat `*,
includeSubdomains` as distinct from `*; includeSubdomains` in the same way
that CSP does, for the same reasons.

-mike
Received on Wednesday, 12 August 2015 08:12:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC