Open inexorabletash opened 1 year ago
This PR (as currently written) is purely to align the spec text w/ Chromium behavior. That doesn't mean we should merge it though! Notably:
document.cookie
prevents writes if the document is "cookie-averse". Alignment might be nice?I looked briefly at tests just to capture Chrome's behavior - given the [SecureContext]
requirement for the API I'm drawing a blank on exercising the "not potentially trustworthy" check from WPT given https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy .
A manual test for file:
is doable. Ideas welcome.
This aligns the spec with Chromium's behavior, namely that writes where the origin is not potentially trustworthy or is "file" scheme result in failure with a TypeError.
Resolves #193
Preview | Diff