Introduce "Schemeful Same-Site" cookies. #1324
Conversation
mikewest
added
6265bis
6265bis samesite
|
Can you please review, @chlily1? |
draft-ietf-httpbis-rfc6265bis.md
Outdated
|
|
||
| For a given request ("request"), the following algorithm returns `same-site` or | ||
| `cross-site`: | ||
| 1. If A and B are both scheme/host/port triples: |
There was a problem hiding this comment.
Can we use the same "tuple origin" terminology as HTML here?
There was a problem hiding this comment.
Hi Mike,
Has there been any changes on the IETF/WHATWG term differences? This same point came up during the PR into cookie inc. mikewest/cookie-incrementalism#3 (comment)
|
Thanks for the review comments! I'm going to let this bake for a few days (and let some folks respond), and eat a lot of pumpkin pie in the meantime. Looking to pick it up early next week. |
|
I'd suggest that we try to get this landed, and then spin off a new -07. WDYT? |
SGTM! My goal is to address feedback before EOW (and I'll file a new follow-up issue to hash out origin vs tuple and we can make changes the next go around): filed #1337 |
miketaylr
force-pushed
the
schemeful-samesite
branch
from
a71e172 to
e783050
Compare
Great catch, let me fix that up. |
|
Thanks for punting the terminology conversation out to a separate bug. LGTM2; I'll land this and spin out an -07 draft. |
|
Thanks all! |
Opening for discussion, per the last interim group meeting.
This should correspond to https://tools.ietf.org/html/draft-west-cookie-incrementalism-01#section-3.3