From 74a5e28ca1955c9b2c8a9cdfb8f515b54487d512 Mon Sep 17 00:00:00 2001 From: svendlarsen Date: Mon, 22 Jul 2024 14:25:23 -0400 Subject: [PATCH] Update spec for cookie partition keys and partitioned storage keys (#78) * Specify handling of partitioned cookies in deletion * Add refs for paritioned cookies and domain attribute * Correct partition key matching description * Rename cookie clearing algorithm for clarity * Revert "Rename cookie clearing algorithm for clarity" This reverts commit 045d4bd28dbf54e4669f4547b43442ebd1d7043a. * Document host precondition in cookie-clearing algorithm * Handle non-site info in cookie partition keys * Add dfn links for `continue` * Handle partitioned non-cookie storage in deletion * Drop phantom link to storage key top-level site --- index.bs | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/index.bs b/index.bs index 8a56643..a10c122 100644 --- a/index.bs +++ b/index.bs @@ -53,6 +53,10 @@ spec: RFC6265; urlPrefix: https://tools.ietf.org/html/rfc6265/ spec: RFC9111; urlPrefix: https://tools.ietf.org/html/rfc9111/ type: dfn text: network cache; url: section-2 +spec: PARTITIONED-COOKIES; urlPrefix: https://datatracker.ietf.org/doc/html/draft-cutler-httpbis-partitioned-cookies# + type: dfn + text: partitioned cookie; url: section-2.1 + text: partition key; url: section-2.2
@@ -762,8 +766,15 @@ spec. It would be nice to unify these in the future.

To clear cookies for host given a [=host=] |host|, perform the following steps: -1. Let |cookieList| be the set of cookies from the [=cookie store=] whose - domain attribute is a [=domain-match=] with |host|. +1. [=Assert=]: |host|'s [=host/registrable domain=] is |host| or null. +1. Let |cookieList| be a set of cookies, initially empty. +1. [=list/For each=] cookie |cookie| in the [=cookie store=]: + 1. If |cookie| is not [=partitioned cookie|partitioned=]: + 1. If |cookie|'s [=domain attribute=] is a [=domain-match=] with |host|, add |cookie| to |cookieList|; otherwise, [=iteration/continue=]. + 1. If |cookie| is [=partitioned cookie|partitioned=]: + 1. If the top-level [=site=] in |cookie|'s [=partition key=] is [=same site=] with the [=site=] ("http", |host|), add |cookie| to |cookieList|. + 1. If the top-level [=site=] in |cookie|'s [=partition key=] is [=same site=] with the [=site=] ("https", |host|), add |cookie| to |cookieList|. + 1. Otherwise, [=iteration/continue=]. 1. [=list/For each=] |cookie| in |cookieList|: 1. Remove |cookie| from the [=cookie store=]. 
@@ -779,13 +790,18 @@ the following steps: 1. For each storage shed |shed| held by the user agent or a [=traversable navigable=]: 1. [=map/For each=] |storageKey| -> |storageShelf| of |shed|: - 1. If |storageKey|'s origin is an - [=opaque origin=], then [=iteration/continue=]. - 1. If |storageKey|'s origin's - [=origin/host=] does not equal |host|, then [=iteration/continue=]. + 1. Let |topLevelSite| be |storageKey|'s top-level site. + 1. If |topLevelSite| is an [=opaque origin=], then [=iteration/continue=]. + 1. If |topLevelSite|'s [=host=] does not equal |host|, then [=iteration/continue=]. 1. Delete all data stored in |storageShelf|. 1. [=map/Remove=] |storageKey| from |shed|. +Note: This algorithm is written assuming the implementation of the + [work-in-progress update](https://github.com/whatwg/storage/pull/144) to + the [Storage Standard](https://storage.spec.whatwg.org/) to + key storage on both an + origin and a top-level site. +
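Review bot: In the anchors hunk (@@ -53,6 +53,10 @@), the new PARTITIONED-COOKIES urlPrefix points at the unversioned datatracker draft while both dfn entries pin section numbers (section-2.1, section-2.2), so a later draft revision that renumbers its sections would retarget or break both links without any change in this file. Consider pinning a specific draft revision in the urlPrefix, or leaving a comment to recheck the two anchors when the draft is updated. Separately, the commit message mentions a ref for the domain attribute, but the only anchors added here are "partitioned cookie" and "partition key"; it is worth confirming that [=domain attribute=], used in the cookie-clearing hunk, resolves from a definition that already exists.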
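Review bot: In the cookie-clearing hunk (@@ -762,8 +766,15 @@), the partitioned branch is ambiguous as control flow: two independent "If ... add |cookie| to |cookieList|" steps are followed by a standalone "Otherwise, [=iteration/continue=]", so it is unclear which condition the "Otherwise" attaches to, and because it is the last step of the loop body the continue has no effect. Suggest folding the three steps into one, for example "If the top-level [=site=] in |cookie|'s [=partition key=] is [=same site=] with either ("http", |host|) or ("https", |host|), add |cookie| to |cookieList|." Also, the partitioned branch never consults the cookie's own domain attribute, so a partitioned cookie set by |host| while embedded under a different top-level site is left in place, whereas the removed text selected every cookie whose domain attribute domain-matched |host|. If that narrowing is intended, a short note saying so would save implementers from guessing.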
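Review bot: In the storage hunk (@@ -779,13 +790,18 @@), matching moves from |storageKey|'s origin host to its top-level site, so a shelf whose origin host is |host| but whose top-level site is a different site is now skipped, whereas the removed lines deleted any shelf whose origin host equalled |host|. If that is the intended scope, please state it in the Note, which currently explains only the dependency on the Storage Standard update. Two smaller points: |topLevelSite| is a site rather than an origin or URL, so "|topLevelSite|'s [=host=]" should say which host concept is meant, and reusing the [=same site=] comparison against ("http", |host|) and ("https", |host|) from the cookie hunk would keep the two algorithms aligned; and since the Note depends on a work-in-progress pull request and "top-level site" is left unlinked, consider an inline issue marker so the link is added once that update lands.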