Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate with new draft cookie spec (draft-annevk-johannhof-httpbis-cookies/00+ε) #1807

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Integrate with new draft cookie spec (draft-annevk-johannhof-httpbis-cookies/00+ε) #1807

wants to merge 1 commit into from

Conversation

bvandersloot-mozilla
Copy link

@bvandersloot-mozilla bvandersloot-mozilla commented Jan 30, 2025
edited by pr-preview bot
Loading

This adds algorithms to retrieve and store cookies via the new draft cookie spec, assuming we have some more partitioning arguments.

It is based on #1707, and in total it does the following:

  • lift samesite logic from 6265bis
  • append cookies to requests
  • pull cookies from responses
  • define partition keys for fetches
  • define when unpartitioned cookies cannot be used

This blocks on some HTML changes

This patch does the following on top of the work in #1707:

  • rebase to main

  • add logic for parsing and storing cookies

  • point to the IETF-hosted draft cookie spec

  • don't point to storage access API for has storage access, use a broken link instead

  • add a broken link to environment/ancestry

  • add a broken link for the request's initiator origin plumbed in from HTML. It'll be defined here, but we need to modify HTML so we can track it in the top.

  • add broken links to things that need to be added to HTML

  • fix some nits (e.g. "foo" -> "foo")

  • use [=secure context=] not scheme=https

  • use SameSite=None by default. Let's punt on that for now, given the current state of implementations and lack of clear path forward.

  • At least two implementers are interested (and none opposed):

    • Mozilla
    • Apple
    • Google

  • Tests are written and can be reviewed and commented upon at:

    • This shouldn't change functionality.

  • Implementation bugs are filed:

    • Chromium: n/a
    • Gecko: n/a
    • WebKit: n/a

  • MDN issue is filed: n/a

  • The top of this comment includes a clear commit message to use.

Preview | Diff

@bvandersloot-mozilla
Pick up, dust off, and improve cookie layering
5971b14 
This patch does the following to the work in whatwg#1707:
- rebase to main
- add logic for parsing and storing cookies
- point to the IETF-hosted draft cookie spec
- don't point to storage access API for has storage access, use a broken
  link instead
- add a broken link to environment/ancestry
- add a broken link for the request's initiator origin plumbed in from HTML. It'll be defined here, but we need to modify HTML so we can track it in the top.
- add broken links to things that need to be added to HTML
- fix some nits (e.g. "foo" -> "<code>foo</code>")
- use [=secure context=] not scheme=https
- use SameSite=None by default. Let's punt on that for now, given the
  current state of implementations and lack of clear path forward.
@bvandersloot-mozilla
Copy link
Author

@DCtheTall @annevk

@bvandersloot-mozilla bvandersloot-mozilla changed the title Integrate with new draft cookie spec (draft-annevk-johannhof-httpbis-cookies/00++) Integrate with new draft cookie spec (draft-annevk-johannhof-httpbis-cookies/00+ε) Jan 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bvandersloot-mozilla