| draft-ietf-httpbis-rfc6265bis-15.txt | draft-ietf-httpbis-rfc6265bis-latest.txt | |||
|---|---|---|---|---|
| HTTP Working Group S. Bingler, Ed. | HTTP Working Group S. Bingler, Ed. | |||
| Internet-Draft M. West, Ed. | Internet-Draft M. West, Ed. | |||
| Obsoletes: 6265 (if approved) Google LLC | Obsoletes: 6265 (if approved) Google LLC | |||
| Intended status: Standards Track J. Wilander, Ed. | Intended status: Standards Track J. Wilander, Ed. | |||
| Expires: January 22, 2025 Apple, Inc | Expires: May 17, 2025 Apple, Inc | |||
| July 21, 2024 | November 13, 2024 | |||
| Cookies: HTTP State Management Mechanism | Cookies: HTTP State Management Mechanism | |||
| draft-ietf-httpbis-rfc6265bis-15 | draft-ietf-httpbis-rfc6265bis-latest | |||
| Abstract | Abstract | |||
| This document defines the HTTP Cookie and Set-Cookie header fields. | This document defines the HTTP Cookie and Set-Cookie header fields. | |||
| These header fields can be used by HTTP servers to store state | These header fields can be used by HTTP servers to store state | |||
| (called cookies) at HTTP user agents, letting the servers maintain a | (called cookies) at HTTP user agents, letting the servers maintain a | |||
| stateful session over the mostly stateless HTTP protocol. Although | stateful session over the mostly stateless HTTP protocol. Although | |||
| cookies have many historical infelicities that degrade their security | cookies have many historical infelicities that degrade their security | |||
| and privacy, the Cookie and Set-Cookie header fields are widely used | and privacy, the Cookie and Set-Cookie header fields are widely used | |||
| on the Internet. This document obsoletes RFC 6265. | on the Internet. This document obsoletes RFC 6265. | |||
| skipping to change at page 2, line 7 ¶ | skipping to change at page 2, line 7 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 22, 2025. | This Internet-Draft will expire on May 17, 2025. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 7 ¶ | skipping to change at page 3, line 7 ¶ | |||
| 3.2. Which Requirements to Implement . . . . . . . . . . . . . 9 | 3.2. Which Requirements to Implement . . . . . . . . . . . . . 9 | |||
| 3.2.1. Cookie Producing Implementations . . . . . . . . . . 10 | 3.2.1. Cookie Producing Implementations . . . . . . . . . . 10 | |||
| 3.2.2. Cookie Consuming Implementations . . . . . . . . . . 10 | 3.2.2. Cookie Consuming Implementations . . . . . . . . . . 10 | |||
| 4. Server Requirements . . . . . . . . . . . . . . . . . . . . . 11 | 4. Server Requirements . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.1. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 11 | 4.1. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.1.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 11 | 4.1.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.1.2. Semantics (Non-Normative) . . . . . . . . . . . . . . 13 | 4.1.2. Semantics (Non-Normative) . . . . . . . . . . . . . . 13 | |||
| 4.1.3. Cookie Name Prefixes . . . . . . . . . . . . . . . . 16 | 4.1.3. Cookie Name Prefixes . . . . . . . . . . . . . . . . 16 | |||
| 4.2. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 4.2. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 4.2.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 18 | 4.2.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 4.2.2. Semantics . . . . . . . . . . . . . . . . . . . . . . 18 | 4.2.2. Semantics . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 5. User Agent Requirements . . . . . . . . . . . . . . . . . . . 19 | 5. User Agent Requirements . . . . . . . . . . . . . . . . . . . 19 | |||
| 5.1. Subcomponent Algorithms . . . . . . . . . . . . . . . . . 19 | 5.1. Subcomponent Algorithms . . . . . . . . . . . . . . . . . 19 | |||
| 5.1.1. Dates . . . . . . . . . . . . . . . . . . . . . . . . 19 | 5.1.1. Dates . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 5.1.2. Canonicalized Host Names . . . . . . . . . . . . . . 21 | 5.1.2. Canonicalized Host Names . . . . . . . . . . . . . . 21 | |||
| 5.1.3. Domain Matching . . . . . . . . . . . . . . . . . . . 22 | 5.1.3. Domain Matching . . . . . . . . . . . . . . . . . . . 22 | |||
| 5.1.4. Paths and Path-Match . . . . . . . . . . . . . . . . 22 | 5.1.4. Paths and Path-Match . . . . . . . . . . . . . . . . 22 | |||
| 5.2. "Same-site" and "cross-site" Requests . . . . . . . . . . 23 | 5.2. "Same-site" and "cross-site" Requests . . . . . . . . . . 23 | |||
| 5.2.1. Document-based requests . . . . . . . . . . . . . . . 23 | 5.2.1. Document-based requests . . . . . . . . . . . . . . . 23 | |||
| 5.2.2. Worker-based requests . . . . . . . . . . . . . . . . 24 | 5.2.2. Worker-based requests . . . . . . . . . . . . . . . . 24 | |||
| 5.3. Ignoring Set-Cookie Header Fields . . . . . . . . . . . . 25 | 5.3. Ignoring Set-Cookie Header Fields . . . . . . . . . . . . 25 | |||
| 5.4. Cookie Name Prefixes . . . . . . . . . . . . . . . . . . 25 | 5.4. Cookie Name Prefixes . . . . . . . . . . . . . . . . . . 26 | |||
| 5.5. Cookie Lifetime Limits . . . . . . . . . . . . . . . . . 27 | 5.5. Cookie Lifetime Limits . . . . . . . . . . . . . . . . . 27 | |||
| 5.6. The Set-Cookie Header Field . . . . . . . . . . . . . . . 27 | 5.6. The Set-Cookie Header Field . . . . . . . . . . . . . . . 27 | |||
| 5.6.1. The Expires Attribute . . . . . . . . . . . . . . . . 30 | 5.6.1. The Expires Attribute . . . . . . . . . . . . . . . . 30 | |||
| 5.6.2. The Max-Age Attribute . . . . . . . . . . . . . . . . 30 | 5.6.2. The Max-Age Attribute . . . . . . . . . . . . . . . . 30 | |||
| 5.6.3. The Domain Attribute . . . . . . . . . . . . . . . . 31 | 5.6.3. The Domain Attribute . . . . . . . . . . . . . . . . 31 | |||
| 5.6.4. The Path Attribute . . . . . . . . . . . . . . . . . 31 | 5.6.4. The Path Attribute . . . . . . . . . . . . . . . . . 31 | |||
| 5.6.5. The Secure Attribute . . . . . . . . . . . . . . . . 32 | 5.6.5. The Secure Attribute . . . . . . . . . . . . . . . . 32 | |||
| 5.6.6. The HttpOnly Attribute . . . . . . . . . . . . . . . 32 | 5.6.6. The HttpOnly Attribute . . . . . . . . . . . . . . . 32 | |||
| 5.6.7. The SameSite Attribute . . . . . . . . . . . . . . . 32 | 5.6.7. The SameSite Attribute . . . . . . . . . . . . . . . 32 | |||
| 5.7. Storage Model . . . . . . . . . . . . . . . . . . . . . . 34 | 5.7. Storage Model . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 5.8. Retrieval Model . . . . . . . . . . . . . . . . . . . . . 39 | 5.8. Retrieval Model . . . . . . . . . . . . . . . . . . . . . 40 | |||
| 5.8.1. The Cookie Header Field . . . . . . . . . . . . . . . 40 | 5.8.1. The Cookie Header Field . . . . . . . . . . . . . . . 40 | |||
| 5.8.2. Non-HTTP APIs . . . . . . . . . . . . . . . . . . . . 40 | 5.8.2. Non-HTTP APIs . . . . . . . . . . . . . . . . . . . . 40 | |||
| 5.8.3. Retrieval Algorithm . . . . . . . . . . . . . . . . . 41 | 5.8.3. Retrieval Algorithm . . . . . . . . . . . . . . . . . 41 | |||
| 6. Implementation Considerations . . . . . . . . . . . . . . . . 42 | 6. Implementation Considerations . . . . . . . . . . . . . . . . 43 | |||
| 6.1. Limits . . . . . . . . . . . . . . . . . . . . . . . . . 42 | 6.1. Limits . . . . . . . . . . . . . . . . . . . . . . . . . 43 | |||
| 6.2. Application Programming Interfaces . . . . . . . . . . . 43 | 6.2. Application Programming Interfaces . . . . . . . . . . . 43 | |||
| 6.3. IDNA Dependency and Migration . . . . . . . . . . . . . . 43 | 6.3. IDNA Dependency and Migration . . . . . . . . . . . . . . 44 | |||
| 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 44 | 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 44 | |||
| 7.1. Third-Party Cookies . . . . . . . . . . . . . . . . . . . 45 | 7.1. Third-Party Cookies . . . . . . . . . . . . . . . . . . . 45 | |||
| 7.2. Cookie Policy . . . . . . . . . . . . . . . . . . . . . . 45 | 7.2. Cookie Policy . . . . . . . . . . . . . . . . . . . . . . 46 | |||
| 7.3. User Controls . . . . . . . . . . . . . . . . . . . . . . 46 | 7.3. User Controls . . . . . . . . . . . . . . . . . . . . . . 46 | |||
| 7.4. Expiration Dates . . . . . . . . . . . . . . . . . . . . 46 | 7.4. Expiration Dates . . . . . . . . . . . . . . . . . . . . 46 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 46 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 47 | |||
| 8.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 46 | 8.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 47 | |||
| 8.2. Ambient Authority . . . . . . . . . . . . . . . . . . . . 47 | 8.2. Ambient Authority . . . . . . . . . . . . . . . . . . . . 47 | |||
| 8.3. Clear Text . . . . . . . . . . . . . . . . . . . . . . . 47 | 8.3. Clear Text . . . . . . . . . . . . . . . . . . . . . . . 48 | |||
| 8.4. Session Identifiers . . . . . . . . . . . . . . . . . . . 48 | 8.4. Session Identifiers . . . . . . . . . . . . . . . . . . . 49 | |||
| 8.5. Weak Confidentiality . . . . . . . . . . . . . . . . . . 49 | 8.5. Weak Confidentiality . . . . . . . . . . . . . . . . . . 49 | |||
| 8.6. Weak Integrity . . . . . . . . . . . . . . . . . . . . . 49 | 8.6. Weak Integrity . . . . . . . . . . . . . . . . . . . . . 50 | |||
| 8.7. Reliance on DNS . . . . . . . . . . . . . . . . . . . . . 50 | 8.7. Reliance on DNS . . . . . . . . . . . . . . . . . . . . . 51 | |||
| 8.8. SameSite Cookies . . . . . . . . . . . . . . . . . . . . 50 | 8.8. SameSite Cookies . . . . . . . . . . . . . . . . . . . . 51 | |||
| 8.8.1. Defense in depth . . . . . . . . . . . . . . . . . . 50 | 8.8.1. Defense in depth . . . . . . . . . . . . . . . . . . 51 | |||
| 8.8.2. Top-level Navigations . . . . . . . . . . . . . . . . 51 | 8.8.2. Top-level Navigations . . . . . . . . . . . . . . . . 51 | |||
| 8.8.3. Mashups and Widgets . . . . . . . . . . . . . . . . . 52 | 8.8.3. Mashups and Widgets . . . . . . . . . . . . . . . . . 52 | |||
| 8.8.4. Server-controlled . . . . . . . . . . . . . . . . . . 52 | 8.8.4. Server-controlled . . . . . . . . . . . . . . . . . . 52 | |||
| 8.8.5. Reload navigations . . . . . . . . . . . . . . . . . 52 | 8.8.5. Reload navigations . . . . . . . . . . . . . . . . . 53 | |||
| 8.8.6. Top-level requests with "unsafe" methods . . . . . . 53 | 8.8.6. Top-level requests with "unsafe" methods . . . . . . 53 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 | |||
| 9.1. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 54 | 9.1. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 54 | |||
| 9.2. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 54 | 9.2. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 54 | |||
| 9.3. Cookie Attribute Registry . . . . . . . . . . . . . . . . 54 | 9.3. Cookie Attribute Registry . . . . . . . . . . . . . . . . 55 | |||
| 9.3.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 55 | 9.3.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 55 | |||
| 9.3.2. Registration . . . . . . . . . . . . . . . . . . . . 55 | 9.3.2. Registration . . . . . . . . . . . . . . . . . . . . 55 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 55 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 55 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 55 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 56 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 57 | 10.2. Informative References . . . . . . . . . . . . . . . . . 57 | |||
| 10.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 59 | 10.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 59 | |||
| Appendix A. Changes from RFC 6265 . . . . . . . . . . . . . . . 59 | Appendix A. Changes from RFC 6265 . . . . . . . . . . . . . . . 59 | |||
| Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 60 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 60 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 60 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 61 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines the HTTP Cookie and Set-Cookie header fields. | This document defines the HTTP Cookie and Set-Cookie header fields. | |||
| Using the Set-Cookie header field, an HTTP server can pass name/value | Using the Set-Cookie header field, an HTTP server can pass name/value | |||
| pairs and associated metadata (called cookies) to a user agent. When | pairs and associated metadata (called cookies) to a user agent. When | |||
| the user agent makes subsequent requests to the server, the user | the user agent makes subsequent requests to the server, the user | |||
| agent uses the metadata and other information to determine whether to | agent uses the metadata and other information to determine whether to | |||
| return the name/value pairs in the Cookie header field. | return the name/value pairs in the Cookie header field. | |||
| skipping to change at page 12, line 8 ¶ | skipping to change at page 12, line 8 ¶ | |||
| 4.1.1. Syntax | 4.1.1. Syntax | |||
| Informally, the Set-Cookie response header field contains a cookie, | Informally, the Set-Cookie response header field contains a cookie, | |||
| which begins with a name-value-pair, followed by zero or more | which begins with a name-value-pair, followed by zero or more | |||
| attribute-value pairs. Servers SHOULD NOT send Set-Cookie header | attribute-value pairs. Servers SHOULD NOT send Set-Cookie header | |||
| fields that fail to conform to the following grammar: | fields that fail to conform to the following grammar: | |||
| set-cookie = set-cookie-string | set-cookie = set-cookie-string | |||
| set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av ) | set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av ) | |||
| cookie-pair = cookie-name BWS "=" BWS cookie-value | cookie-pair = cookie-name BWS "=" BWS cookie-value | |||
| cookie-name = 1*cookie-octet | cookie-name = token | |||
| cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) | cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) | |||
| cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E | cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E | |||
| ; US-ASCII characters excluding CTLs, | ; US-ASCII characters excluding CTLs, | |||
| ; whitespace DQUOTE, comma, semicolon, | ; whitespace, DQUOTE, comma, semicolon, | |||
| ; and backslash | ; and backslash | |||
| token = <token, defined in [HTTP], Section 5.6.2> | ||||
| cookie-av = expires-av / max-age-av / domain-av / | cookie-av = expires-av / max-age-av / domain-av / | |||
| path-av / secure-av / httponly-av / | path-av / secure-av / httponly-av / | |||
| samesite-av / extension-av | samesite-av / extension-av | |||
| expires-av = "Expires" BWS "=" BWS sane-cookie-date | expires-av = "Expires" BWS "=" BWS sane-cookie-date | |||
| sane-cookie-date = | sane-cookie-date = | |||
| <IMF-fixdate, defined in [HTTP], Section 5.6.7> | <IMF-fixdate, defined in [HTTP], Section 5.6.7> | |||
| max-age-av = "Max-Age" BWS "=" BWS non-zero-digit *DIGIT | max-age-av = "Max-Age" BWS "=" BWS non-zero-digit *DIGIT | |||
| non-zero-digit = %x31-39 | non-zero-digit = %x31-39 | |||
| ; digits 1 through 9 | ; digits 1 through 9 | |||
| skipping to change at page 27, line 47 ¶ | skipping to change at page 28, line 6 ¶ | |||
| When a user agent receives a Set-Cookie header field in an HTTP | When a user agent receives a Set-Cookie header field in an HTTP | |||
| response, the user agent MAY ignore the Set-Cookie header field in | response, the user agent MAY ignore the Set-Cookie header field in | |||
| its entirety (see Section 5.3). | its entirety (see Section 5.3). | |||
| If the user agent does not ignore the Set-Cookie header field in its | If the user agent does not ignore the Set-Cookie header field in its | |||
| entirety, the user agent MUST parse the field-value of the Set-Cookie | entirety, the user agent MUST parse the field-value of the Set-Cookie | |||
| header field as a set-cookie-string (defined below). | header field as a set-cookie-string (defined below). | |||
| NOTE: The algorithm below is more permissive than the grammar in | NOTE: The algorithm below is more permissive than the grammar in | |||
| Section 4.1. For example, the algorithm strips leading and trailing | Section 4.1. For example, the algorithm allows cookie-name to be | |||
| comprised of cookie-octets instead of being a token as specified in | ||||
| Section 4.1 and the algorithm accommodates some characters that are | ||||
| not cookie-octets according to the grammar in Section 4.1. In | ||||
| addition, the algorithm below also strips leading and trailing | ||||
| whitespace from the cookie name and value (but maintains internal | whitespace from the cookie name and value (but maintains internal | |||
| whitespace), whereas the grammar in Section 4.1 forbids whitespace in | whitespace), whereas the grammar in Section 4.1 forbids whitespace in | |||
| these positions. In addition, the algorithm below accommodates some | these positions. User agents use this algorithm so as to | |||
| characters that are not cookie-octets according to the grammar in | interoperate with servers that do not follow the recommendations in | |||
| Section 4.1. User agents use this algorithm so as to interoperate | Section 4. | |||
| with servers that do not follow the recommendations in Section 4. | ||||
| NOTE: As set-cookie-string may originate from a non-HTTP API, it is | NOTE: As set-cookie-string may originate from a non-HTTP API, it is | |||
| not guaranteed to be free of CTL characters, so this algorithm | not guaranteed to be free of CTL characters, so this algorithm | |||
| handles them explicitly. Horizontal tab (%x09) is excluded from the | handles them explicitly. Horizontal tab (%x09) is excluded from the | |||
| CTL characters that lead to set-cookie-string rejection, as it is | CTL characters that lead to set-cookie-string rejection, as it is | |||
| considered whitespace, which is handled separately. | considered whitespace, which is handled separately. | |||
| NOTE: The set-cookie-string may contain octet sequences that appear | NOTE: The set-cookie-string may contain octet sequences that appear | |||
| percent-encoded as per Section 2.1 of [RFC3986]. However, a user | percent-encoded as per Section 2.1 of [RFC3986]. However, a user | |||
| agent MUST NOT decode these sequences and instead parse the | agent MUST NOT decode these sequences and instead parse the | |||
| skipping to change at page 57, line 5 ¶ | skipping to change at page 57, line 23 ¶ | |||
| [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
| Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
| RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
| <https://www.rfc-editor.org/info/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
| [SAMESITE] | [SAMESITE] | |||
| WHATWG, "HTML - Living Standard", January 2021, | WHATWG, "HTML - Living Standard", January 2021, | |||
| <https://html.spec.whatwg.org/#same-site>. | <https://html.spec.whatwg.org/#same-site>. | |||
| [SERVICE-WORKERS] | ||||
| Russell, A., Song, J., and J. Archibald, "Service | ||||
| Workers", n.d., <http://www.w3.org/TR/service-workers/>. | ||||
| [USASCII] American National Standards Institute, "Coded Character | [USASCII] American National Standards Institute, "Coded Character | |||
| Set -- 7-bit American Standard Code for Information | Set -- 7-bit American Standard Code for Information | |||
| Interchange", ANSI X3.4, 1986. | Interchange", ANSI X3.4, 1986. | |||
| 10.2. Informative References | 10.2. Informative References | |||
| [Aggarwal2010] | [Aggarwal2010] | |||
| Aggarwal, G., Burzstein, E., Jackson, C., and D. Boneh, | Aggarwal, G., Burzstein, E., Jackson, C., and D. Boneh, | |||
| "An Analysis of Private Browsing Modes in Modern | "An Analysis of Private Browsing Modes in Modern | |||
| Browsers", 2010, | Browsers", 2010, | |||
| skipping to change at page 58, line 50 ¶ | skipping to change at page 59, line 20 ¶ | |||
| Options", RFC 7034, DOI 10.17487/RFC7034, October 2013, | Options", RFC 7034, DOI 10.17487/RFC7034, October 2013, | |||
| <https://www.rfc-editor.org/info/rfc7034>. | <https://www.rfc-editor.org/info/rfc7034>. | |||
| [RFC9113] Thomson, M., Ed. and C. Benfield, Ed., "HTTP/2", RFC 9113, | [RFC9113] Thomson, M., Ed. and C. Benfield, Ed., "HTTP/2", RFC 9113, | |||
| DOI 10.17487/RFC9113, June 2022, | DOI 10.17487/RFC9113, June 2022, | |||
| <https://www.rfc-editor.org/info/rfc9113>. | <https://www.rfc-editor.org/info/rfc9113>. | |||
| [RFC9114] Bishop, M., Ed., "HTTP/3", RFC 9114, DOI 10.17487/RFC9114, | [RFC9114] Bishop, M., Ed., "HTTP/3", RFC 9114, DOI 10.17487/RFC9114, | |||
| June 2022, <https://www.rfc-editor.org/info/rfc9114>. | June 2022, <https://www.rfc-editor.org/info/rfc9114>. | |||
| [SERVICE-WORKERS] | ||||
| Archibald, J. and M. Kruisselbrink, "Service Workers", | ||||
| n.d., <https://www.w3.org/TR/service-workers/>. | ||||
| [UTS46] Davis, M. and M. Suignard, "Unicode IDNA Compatibility | [UTS46] Davis, M. and M. Suignard, "Unicode IDNA Compatibility | |||
| Processing", UNICODE Unicode Technical Standards # 46, | Processing", UNICODE Unicode Technical Standards # 46, | |||
| June 2016, <http://unicode.org/reports/tr46/>. | June 2016, <http://unicode.org/reports/tr46/>. | |||
| 10.3. URIs | 10.3. URIs | |||
| [1] https://www.iana.org/assignments/cookie-attribute-names | [1] https://www.iana.org/assignments/cookie-attribute-names | |||
| Appendix A. Changes from RFC 6265 | Appendix A. Changes from RFC 6265 | |||
| End of changes. 23 change blocks. | ||||
| 34 lines changed or deleted | 38 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||