Closed sstrollo closed 2 years ago
Well, does it confuse newer user agents? It was obsolete when the lib was written, but that's not necessarily a problem.
Also any revision to the cookie parsing/building code should wait for the final version of rfc6265bis.
Okay. I can't find any reference that says the "Set-Cookie" header should include a "Version" attribute, I would argue the code is (and has been) wrong all along :) Plenty of references that don't refer to "Version", apart from rfc 6265, https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie. For parsing, IMO, you should just ignore unknown attributes (such as version).
It's an old remnant from when there was implementations of Set-Cookie2.
Cookie building and parsing is very detailed in rfc6265bis and I have helped iron out a few edge cases in the draft. Gun runs the same test suites browsers do. It's only a matter of time until it gets released and we can do the final bit of work around that.
Fair enough. Let me look into what the problem actually was (I just heard it from one of my front-end colleagues, something about "hmm .. cookie ... version .. chrome..." :) and thought I might as well remove the Version).
Thanks,
/Sebastian
The most recent draft is https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-09
I will do a revision based on this draft before releasing Gun 2.0.
Great so the WPT tests no longer have the http-state tests (they were ported to WPT proper) so properly testing cookies again will require some extra work.
FYI I have figured out the path forward earlier this week. So now it's just a grind to convert the tests.
Merged, thanks!
The cookie test suite work was completed as well.
Hi
The "Version=" attribute in the set-cookie header is obsolete (and may even confuse some newer user agents). I propose removing it, as attached.
Cheers,
/Sebastian