creating a pull request after Dagstuhl discussions #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
xkr47
reviewed
Aug 14, 2018
| @@ -103,7 +128,7 @@ following options come to mind: | |||
|
|
|||
| ```http | |||
| Sec-HTTP-State-Options: ..., delivery=same-origin, ... | |||
| ``` | |||
|
|
|||
|
|
||
| _©2018, Google, Inc. All rights reserved._ | ||
| [Mike West](https://github.com/mikewest/http-state-tokens), August 2018 to provide a pull request. |
There was a problem hiding this comment.
I guess the above forked from texts are not supposed to get merged with this PR?
|
|
||
| (_Note: This isn't a proposal that's well thought out, and stamped solidly with the Google Seal of | ||
| Approval. It's a collection of interesting ideas for discussion, nothing more, nothing less._) | ||
|
|
||
| (_Note: This is a pull request after fruitful discussions in Dagstuhl) |
There was a problem hiding this comment.
This would rather belong to the PR comments section I believe?
| as they can with cookies today. There's a trivial hurdle insofar as folks would need to declare that | ||
| intent by setting the token's `delivery` member, and it's reasonable to expect user agents to react | ||
| to that declaration in some interesting ways, but in itself, there's little change in technical | ||
| capability. | ||
| capability. | ||
|
|
| ``` | ||
|
|
||
| This identifier acts more or less like a client-controlled cookie, with a few notable distinctions: | ||
|
|
||
| 1. The client controls the token's value, not the server. | ||
| 1. The client controls the token's value, not the server. |
| @@ -265,7 +320,12 @@ key-value pairs set by the server (though I expect healthy debate on that topic) | |||
|
|
|||
| Slowly and gradually. User agents could begin by advertising support for the new hotness by | |||
| appending a `Sec-HTTP-State` header to outgoing requests (either setting the value by default, or | |||
| allowing developers to opt-in, as per the pivot point discussion above). | |||
| allowing developers to opt-in, as per the pivot point discussion above). | |||
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi Mike,
after our discussions, I added the idea of giving the token a purpose and argued why this would be a good idea. Feel free to mutilate as you wish