Contact [email protected] ExplainerNone
Specification https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis/#section-5.5 Summary To align with the latest specification in RFC 6265bis, Chromium will reject cookies with a "Domain" attribute that contains a non-ASCII character (e.g. Domain=éxample.com <http://xn--domain%3Dxample-hhb.com/>). Blink componentBlink>Network <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ENetwork> Motivation Support for IDN domain attributes in cookies has been long unspecified, with Chromium, Safari and Firefox all behaving differently. https://github.com/httpwg/http-extensions/issues/1707 fixes this issue by standardizing Firefox's behavior of rejecting cookies with non-ASCII domain attributes. Since Chromium has previously accepted non-ASCII characters and tried to convert them to normalized punycode for storage, we will now apply stricter rules and require valid ASCII (punycode if applicable) domain attributes. Initial public proposal TAG review TAG review statusNot applicable Risks Interoperability and Compatibility There is a general risk of breakage compared to past Chromium versions from rejecting previously accepted cookies, but UMA measurements show the percentage of cookies with non-ASCII characters (including potentially invalid cookies) to be below 0.0001%. This change improves interoperability by aligning with what Firefox is shipping and what Safari aims to ship as well. *Gecko*: Positive (https://github.com/httpwg/http-extensions/issues/1707) *WebKit*: Positive (https://github.com/httpwg/http-extensions/issues/1707) *Web developers*: No signals *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? Debuggability TBD Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?Yes Flag name Requires code in //chrome?False Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1296537 Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5534966262792192 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAD_OO4hVsjFA06ytmbNvn-bfUXDGur0ESSMxEO-o-96sCNAiOQ%40mail.gmail.com.
