Closed DCtheTall closed 1 year ago
Recap of the points from yesterday's PrivacyCG call:
Path=/
requirement is not necessary.Secure
requirement as well.
Path
attribute in cookies to separate out cookies set in different countries to satisfy different language or legal requirements.I think we made good progress, and I think it is reasonable to say there is alignment that the Path=/
requirement is not necessary for CHIPS and may make adoption more difficult.
Closing this now that #49 has landed.
When CHIPS was initially proposed, we required that the
__Host-
name prefix be included. This prefix is already part of the cookie RFC and requires the following:Secure
attribute.Domain
attribute.Path=/
attribute.Due to concerns raised in #30, Chrome removed the
__Host-
name prefix requirement from CHIPS. Likewise, due to concerns raised in #39 and #43 we decided to remove the no-Domain
requirement as well.Given we have diverged the
Partitioned
behavior from the__Host-
prefix behavior, I am opening this issue to prompt a discussion on whether we should continue to include or do away with thePath=/
attribute as well.