http-extensions
http-extensions copied to clipboard
httpwg
HTTP Extensions in progress
Currently https://fetch.spec.whatwg.org/#concept-http-network-fetch ignores all 1xx responses, it seems this would have to be changed somehow, assuming this is to be adopted in user agents implementing Fetch. It would also have...
attempt @martinthomson's "simple alternative" in #1927 to say the chain is in the same order as it appears in TLS rather than copying the language from TLS
update refs for HTTP Semantics, HTTP/3, and QPACK to point to the now RFCs 9110/9114/9204 for #2146
We have introduced `__Secure-` and `__Host-` as prefixes to cookie names in the past, at the expense that existing cookies using such prefixed names would be treated completely differently (assuming...
When it comes to the client side parsing of cookies, both RFC 6265 as well as 6265bis-10 state: > the algorithm strips leading and trailing whitespace from the cookie name...
Modify the cookie storage algorithm to reject cookies that: - Do not have a name - Have values that look like cookie prefixes As mentioned in #2229, malicious servers can...
## This PR - briefly mentions security advantages See #1895
We have 2 reasons for using client-generated tokens in the initial draft: (1) we want the minimum number of round trips, and (2) we don't want to depend on 1xx...
Draft 00 doesn't mention the [Expect header](https://www.rfc-editor.org/rfc/rfc9110.html#name-expect) at all. I think we might find some rough edges here depending on how the feature discussion settles. The final answer might boil...
