http-extensions
http-extensions copied to clipboard
httpwg
HTTP Extensions in progress
The security issues motivating CSP Cookie Controls (https://www.w3.org/TR/csp-cookies/) still exist. We at a minimum we should list this as a security consideration. In particular, an origin is unable to restrict...
When we started 6265bis, we gained WG consensus to incorporate [Expiring Aggressively Those HTTP Cookies](https://tools.ietf.org/html/draft-thomson-http-omnomnom-00).
The `Variants` header is a dictionary and in the current version of structured headers member names are `key` which only accepts lowercase letters: * https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-14#section-3.2 * https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-14#section-3.1.2
This made it easier for me to read some of the algorithms, but feel free to reject it if it doesn't help you.
https://tools.ietf.org/html/draft-ietf-httpbis-variants-06#section-2 ```http Variants: Accept-Encoding=(gzip br), Accept-Language=(en fr) ``` [result](https://jxck.github.io/structured-field-values/demo.html#QWNjZXB0LUVuY29kaW5nPShnemlwIGJyKSwgQWNjZXB0LUxhbmd1YWdlPShlbiBmcik=) Uppercase in Field name is not valid Dict key of SFV. It should be lowered before encoding. ```http Variants: accept-encoding=(gzip br),...
Firefox is feeling forced to support whitespace without quotes in the filename parameter of the Content-Disposition header. See https://bugzilla.mozilla.org/show_bug.cgi?id=1440677. In https://bugs.chromium.org/p/chromium/issues/detail?id=1006345 @MattMenke2 suggests removing whitespace without quotes support is not...
Cookies
Would an algorithm to key the cache on a cookie by name work? _(moved from mnot/I-D)_
Vary concepts are changing in http-core; variants will need to catch up.
(@mnot requested a new issue during Thursday's httpbis meeting at IETF 103) #549 suggests the idea of an algorithm to to key the cache on a cookie by name. One...
