Robert Rothenberg
Robert Rothenberg
I think the documentation should certainly be updated, at a minimum. But to be honest, I'm not a fan of enabling this policy by default. I think with the increasing...
Is this fixed in 0.40051?
HTTP Authentication is not fit for purpose, and rarely used by most websites that have login functionality. For a website to track that the user is logged in, it needs...
This is *not* the "GDPR Protocol". Even if GDPR or other privacy regulations allow some forms of tracking without asking the user's consent, it is important to notify the user...
> They would not have to place cookies even if the ADPC is not present (because ePrivacy) Who is "they"? The User-Agent? The web server?
> Only cookies that are solely required for the underlying communications, or those strictly necessary to fulfil a user request, can be placed on first HTTP request. That's what I...
If the consent request were stored in a well-known location #9 then the browser can check the cache and look for updates. (If the Last-Modified date is newer than the...
> Storing consent requests in `.well-known` will not work if the consent request is not uniform for all cases, but is specific for certain cases or individuals. Making consent strings...
I that explicit checks for every HTTP request are not feasible. As I've noted in #9, adding ADPC headers in the requests and responses will increase the size of requests/responses....