From ffd71c8e378e0b0e0cff66193a67f78f18c11de0 Mon Sep 17 00:00:00 2001 From: sbingler Date: Thu, 7 Jul 2022 22:04:25 +0000 Subject: [PATCH 1/4] Offload Service Worker SFC computation to spe This changes how 6265bis computes the Site for Cookies for Service Workers by referring to their spec instead of spelling it out locally. --- draft-ietf-httpbis-rfc6265bis.md | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index 1f325cb53..ad2047131 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -1084,20 +1084,8 @@ Service Workers are more complicated, as they act as a completely separate execution context with only tangential relationship to the Document which registered them. -Requests which simply pass through a Service Worker will be handled as described -above: the request's client will be the Document or Worker which initiated the -request, and its "site for cookies" will be those defined in -{{document-requests}} and {{dedicated-and-shared-requests}} - -Requests which are initiated by the Service Worker itself (via a direct call to -`fetch()`, for instance), on the other hand, will have a client which is a -ServiceWorkerGlobalScope. Its "site for cookies" will be the Service Worker's -URI's origin. - -Given a ServiceWorkerGlobalScope (`worker`), the following algorithm returns its -"site for cookies": - -1. Return `worker`'s origin. +How user agents handle Service Workers may differ, but user agents SHOULD +match the {{SERVICE-WORKERS}} specification. ## Ignoring Set-Cookie Header Fields {#ignoring-cookies} From 706b78fbd889b621b07ee08d75e5fd7e67a484ac Mon Sep 17 00:00:00 2001 From: sbingler Date: Wed, 13 Jul 2022 21:46:57 +0000 Subject: [PATCH 2/4] Add to change log --- draft-ietf-httpbis-rfc6265bis.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index 6af0f238f..d165f248f 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -2500,6 +2500,9 @@ The "Cookie Attribute Registry" should be created with the registrations below: * Add note not to send invalid cookies due to public suffix list changes: +* Add note regarding Service Worker's computation of "site for cookies": + + # Acknowledgements {:numbered="false"} RFC 6265 was written by Adam Barth. This document is an update of RFC 6265, From 2d214ab4087fccdc21628ac581975486cae44db5 Mon Sep 17 00:00:00 2001 From: sbingler Date: Thu, 7 Jul 2022 22:04:25 +0000 Subject: [PATCH 3/4] Offload Service Worker SFC computation to spe This changes how 6265bis computes the Site for Cookies for Service Workers by referring to their spec instead of spelling it out locally. --- draft-ietf-httpbis-rfc6265bis.md | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index 291a5c4bd..cb8088fcc 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -1088,20 +1088,8 @@ Service Workers are more complicated, as they act as a completely separate execution context with only tangential relationship to the Document which registered them. -Requests which simply pass through a Service Worker will be handled as described -above: the request's client will be the Document or Worker which initiated the -request, and its "site for cookies" will be those defined in -{{document-requests}} and {{dedicated-and-shared-requests}} - -Requests which are initiated by the Service Worker itself (via a direct call to -`fetch()`, for instance), on the other hand, will have a client which is a -ServiceWorkerGlobalScope. Its "site for cookies" will be the Service Worker's -URI's origin. - -Given a ServiceWorkerGlobalScope (`worker`), the following algorithm returns its -"site for cookies": - -1. Return `worker`'s origin. +How user agents handle Service Workers may differ, but user agents SHOULD +match the {{SERVICE-WORKERS}} specification. ## Ignoring Set-Cookie Header Fields {#ignoring-cookies} From a0c3bfa431998afb650d06cc1f72f25a30b0819d Mon Sep 17 00:00:00 2001 From: sbingler Date: Wed, 13 Jul 2022 21:46:57 +0000 Subject: [PATCH 4/4] Add to change log --- draft-ietf-httpbis-rfc6265bis.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index cb8088fcc..1737bf119 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -2507,6 +2507,9 @@ The "Cookie Attribute Registry" should be created with the registrations below: * Add warning to not send nameless cookies: +* Add note regarding Service Worker's computation of "site for cookies": + + # Acknowledgements {:numbered="false"} RFC 6265 was written by Adam Barth. This document is an update of RFC 6265,