draft-ietf-httpbis-rfc6265bis-15.txt | draft-ietf-httpbis-rfc6265bis-latest.txt | |||
---|---|---|---|---|
HTTP Working Group S. Bingler, Ed. | HTTP Working Group S. Bingler, Ed. | |||
Internet-Draft M. West, Ed. | Internet-Draft M. West, Ed. | |||
Obsoletes: 6265 (if approved) Google LLC | Obsoletes: 6265 (if approved) Google LLC | |||
Intended status: Standards Track J. Wilander, Ed. | Intended status: Standards Track J. Wilander, Ed. | |||
Expires: January 22, 2025 Apple, Inc | Expires: April 1, 2025 Apple, Inc | |||
July 21, 2024 | September 28, 2024 | |||
Cookies: HTTP State Management Mechanism | Cookies: HTTP State Management Mechanism | |||
draft-ietf-httpbis-rfc6265bis-15 | draft-ietf-httpbis-rfc6265bis-latest | |||
Abstract | Abstract | |||
This document defines the HTTP Cookie and Set-Cookie header fields. | This document defines the HTTP Cookie and Set-Cookie header fields. | |||
These header fields can be used by HTTP servers to store state | These header fields can be used by HTTP servers to store state | |||
(called cookies) at HTTP user agents, letting the servers maintain a | (called cookies) at HTTP user agents, letting the servers maintain a | |||
stateful session over the mostly stateless HTTP protocol. Although | stateful session over the mostly stateless HTTP protocol. Although | |||
cookies have many historical infelicities that degrade their security | cookies have many historical infelicities that degrade their security | |||
and privacy, the Cookie and Set-Cookie header fields are widely used | and privacy, the Cookie and Set-Cookie header fields are widely used | |||
on the Internet. This document obsoletes RFC 6265. | on the Internet. This document obsoletes RFC 6265. | |||
skipping to change at page 2, line 7 ¶ | skipping to change at page 2, line 7 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 22, 2025. | This Internet-Draft will expire on April 1, 2025. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 3, line 7 ¶ | skipping to change at page 3, line 7 ¶ | |||
3.2. Which Requirements to Implement . . . . . . . . . . . . . 9 | 3.2. Which Requirements to Implement . . . . . . . . . . . . . 9 | |||
3.2.1. Cookie Producing Implementations . . . . . . . . . . 10 | 3.2.1. Cookie Producing Implementations . . . . . . . . . . 10 | |||
3.2.2. Cookie Consuming Implementations . . . . . . . . . . 10 | 3.2.2. Cookie Consuming Implementations . . . . . . . . . . 10 | |||
4. Server Requirements . . . . . . . . . . . . . . . . . . . . . 11 | 4. Server Requirements . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.1. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 11 | 4.1. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.1.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 11 | 4.1.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.1.2. Semantics (Non-Normative) . . . . . . . . . . . . . . 13 | 4.1.2. Semantics (Non-Normative) . . . . . . . . . . . . . . 13 | |||
4.1.3. Cookie Name Prefixes . . . . . . . . . . . . . . . . 16 | 4.1.3. Cookie Name Prefixes . . . . . . . . . . . . . . . . 16 | |||
4.2. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 4.2. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
4.2.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 18 | 4.2.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
4.2.2. Semantics . . . . . . . . . . . . . . . . . . . . . . 18 | 4.2.2. Semantics . . . . . . . . . . . . . . . . . . . . . . 19 | |||
5. User Agent Requirements . . . . . . . . . . . . . . . . . . . 19 | 5. User Agent Requirements . . . . . . . . . . . . . . . . . . . 19 | |||
5.1. Subcomponent Algorithms . . . . . . . . . . . . . . . . . 19 | 5.1. Subcomponent Algorithms . . . . . . . . . . . . . . . . . 19 | |||
5.1.1. Dates . . . . . . . . . . . . . . . . . . . . . . . . 19 | 5.1.1. Dates . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
5.1.2. Canonicalized Host Names . . . . . . . . . . . . . . 21 | 5.1.2. Canonicalized Host Names . . . . . . . . . . . . . . 21 | |||
5.1.3. Domain Matching . . . . . . . . . . . . . . . . . . . 22 | 5.1.3. Domain Matching . . . . . . . . . . . . . . . . . . . 22 | |||
5.1.4. Paths and Path-Match . . . . . . . . . . . . . . . . 22 | 5.1.4. Paths and Path-Match . . . . . . . . . . . . . . . . 22 | |||
5.2. "Same-site" and "cross-site" Requests . . . . . . . . . . 23 | 5.2. "Same-site" and "cross-site" Requests . . . . . . . . . . 23 | |||
5.2.1. Document-based requests . . . . . . . . . . . . . . . 23 | 5.2.1. Document-based requests . . . . . . . . . . . . . . . 23 | |||
5.2.2. Worker-based requests . . . . . . . . . . . . . . . . 24 | 5.2.2. Worker-based requests . . . . . . . . . . . . . . . . 24 | |||
5.3. Ignoring Set-Cookie Header Fields . . . . . . . . . . . . 25 | 5.3. Ignoring Set-Cookie Header Fields . . . . . . . . . . . . 25 | |||
5.4. Cookie Name Prefixes . . . . . . . . . . . . . . . . . . 25 | 5.4. Cookie Name Prefixes . . . . . . . . . . . . . . . . . . 26 | |||
5.5. Cookie Lifetime Limits . . . . . . . . . . . . . . . . . 27 | 5.5. Cookie Lifetime Limits . . . . . . . . . . . . . . . . . 27 | |||
5.6. The Set-Cookie Header Field . . . . . . . . . . . . . . . 27 | 5.6. The Set-Cookie Header Field . . . . . . . . . . . . . . . 27 | |||
5.6.1. The Expires Attribute . . . . . . . . . . . . . . . . 30 | 5.6.1. The Expires Attribute . . . . . . . . . . . . . . . . 30 | |||
5.6.2. The Max-Age Attribute . . . . . . . . . . . . . . . . 30 | 5.6.2. The Max-Age Attribute . . . . . . . . . . . . . . . . 30 | |||
5.6.3. The Domain Attribute . . . . . . . . . . . . . . . . 31 | 5.6.3. The Domain Attribute . . . . . . . . . . . . . . . . 31 | |||
5.6.4. The Path Attribute . . . . . . . . . . . . . . . . . 31 | 5.6.4. The Path Attribute . . . . . . . . . . . . . . . . . 31 | |||
5.6.5. The Secure Attribute . . . . . . . . . . . . . . . . 32 | 5.6.5. The Secure Attribute . . . . . . . . . . . . . . . . 32 | |||
5.6.6. The HttpOnly Attribute . . . . . . . . . . . . . . . 32 | 5.6.6. The HttpOnly Attribute . . . . . . . . . . . . . . . 32 | |||
5.6.7. The SameSite Attribute . . . . . . . . . . . . . . . 32 | 5.6.7. The SameSite Attribute . . . . . . . . . . . . . . . 32 | |||
5.7. Storage Model . . . . . . . . . . . . . . . . . . . . . . 34 | 5.7. Storage Model . . . . . . . . . . . . . . . . . . . . . . 34 | |||
5.8. Retrieval Model . . . . . . . . . . . . . . . . . . . . . 39 | 5.8. Retrieval Model . . . . . . . . . . . . . . . . . . . . . 40 | |||
5.8.1. The Cookie Header Field . . . . . . . . . . . . . . . 40 | 5.8.1. The Cookie Header Field . . . . . . . . . . . . . . . 40 | |||
5.8.2. Non-HTTP APIs . . . . . . . . . . . . . . . . . . . . 40 | 5.8.2. Non-HTTP APIs . . . . . . . . . . . . . . . . . . . . 40 | |||
5.8.3. Retrieval Algorithm . . . . . . . . . . . . . . . . . 41 | 5.8.3. Retrieval Algorithm . . . . . . . . . . . . . . . . . 41 | |||
6. Implementation Considerations . . . . . . . . . . . . . . . . 42 | 6. Implementation Considerations . . . . . . . . . . . . . . . . 43 | |||
6.1. Limits . . . . . . . . . . . . . . . . . . . . . . . . . 42 | 6.1. Limits . . . . . . . . . . . . . . . . . . . . . . . . . 43 | |||
6.2. Application Programming Interfaces . . . . . . . . . . . 43 | 6.2. Application Programming Interfaces . . . . . . . . . . . 43 | |||
6.3. IDNA Dependency and Migration . . . . . . . . . . . . . . 43 | 6.3. IDNA Dependency and Migration . . . . . . . . . . . . . . 44 | |||
7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 44 | 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 44 | |||
7.1. Third-Party Cookies . . . . . . . . . . . . . . . . . . . 45 | 7.1. Third-Party Cookies . . . . . . . . . . . . . . . . . . . 45 | |||
7.2. Cookie Policy . . . . . . . . . . . . . . . . . . . . . . 45 | 7.2. Cookie Policy . . . . . . . . . . . . . . . . . . . . . . 46 | |||
7.3. User Controls . . . . . . . . . . . . . . . . . . . . . . 46 | 7.3. User Controls . . . . . . . . . . . . . . . . . . . . . . 46 | |||
7.4. Expiration Dates . . . . . . . . . . . . . . . . . . . . 46 | 7.4. Expiration Dates . . . . . . . . . . . . . . . . . . . . 46 | |||
8. Security Considerations . . . . . . . . . . . . . . . . . . . 46 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 47 | |||
8.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 46 | 8.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 47 | |||
8.2. Ambient Authority . . . . . . . . . . . . . . . . . . . . 47 | 8.2. Ambient Authority . . . . . . . . . . . . . . . . . . . . 47 | |||
8.3. Clear Text . . . . . . . . . . . . . . . . . . . . . . . 47 | 8.3. Clear Text . . . . . . . . . . . . . . . . . . . . . . . 48 | |||
8.4. Session Identifiers . . . . . . . . . . . . . . . . . . . 48 | 8.4. Session Identifiers . . . . . . . . . . . . . . . . . . . 49 | |||
8.5. Weak Confidentiality . . . . . . . . . . . . . . . . . . 49 | 8.5. Weak Confidentiality . . . . . . . . . . . . . . . . . . 49 | |||
8.6. Weak Integrity . . . . . . . . . . . . . . . . . . . . . 49 | 8.6. Weak Integrity . . . . . . . . . . . . . . . . . . . . . 50 | |||
8.7. Reliance on DNS . . . . . . . . . . . . . . . . . . . . . 50 | 8.7. Reliance on DNS . . . . . . . . . . . . . . . . . . . . . 51 | |||
8.8. SameSite Cookies . . . . . . . . . . . . . . . . . . . . 50 | 8.8. SameSite Cookies . . . . . . . . . . . . . . . . . . . . 51 | |||
8.8.1. Defense in depth . . . . . . . . . . . . . . . . . . 50 | 8.8.1. Defense in depth . . . . . . . . . . . . . . . . . . 51 | |||
8.8.2. Top-level Navigations . . . . . . . . . . . . . . . . 51 | 8.8.2. Top-level Navigations . . . . . . . . . . . . . . . . 51 | |||
8.8.3. Mashups and Widgets . . . . . . . . . . . . . . . . . 52 | 8.8.3. Mashups and Widgets . . . . . . . . . . . . . . . . . 52 | |||
8.8.4. Server-controlled . . . . . . . . . . . . . . . . . . 52 | 8.8.4. Server-controlled . . . . . . . . . . . . . . . . . . 52 | |||
8.8.5. Reload navigations . . . . . . . . . . . . . . . . . 52 | 8.8.5. Reload navigations . . . . . . . . . . . . . . . . . 53 | |||
8.8.6. Top-level requests with "unsafe" methods . . . . . . 53 | 8.8.6. Top-level requests with "unsafe" methods . . . . . . 53 | |||
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 | |||
9.1. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 54 | 9.1. Cookie . . . . . . . . . . . . . . . . . . . . . . . . . 54 | |||
9.2. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 54 | 9.2. Set-Cookie . . . . . . . . . . . . . . . . . . . . . . . 54 | |||
9.3. Cookie Attribute Registry . . . . . . . . . . . . . . . . 54 | 9.3. Cookie Attribute Registry . . . . . . . . . . . . . . . . 55 | |||
9.3.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 55 | 9.3.1. Procedure . . . . . . . . . . . . . . . . . . . . . . 55 | |||
9.3.2. Registration . . . . . . . . . . . . . . . . . . . . 55 | 9.3.2. Registration . . . . . . . . . . . . . . . . . . . . 55 | |||
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 55 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 55 | |||
10.1. Normative References . . . . . . . . . . . . . . . . . . 55 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 56 | |||
10.2. Informative References . . . . . . . . . . . . . . . . . 57 | 10.2. Informative References . . . . . . . . . . . . . . . . . 57 | |||
10.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 59 | 10.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 59 | |||
Appendix A. Changes from RFC 6265 . . . . . . . . . . . . . . . 59 | Appendix A. Changes from RFC 6265 . . . . . . . . . . . . . . . 59 | |||
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 60 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 60 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 60 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 61 | |||
1. Introduction | 1. Introduction | |||
This document defines the HTTP Cookie and Set-Cookie header fields. | This document defines the HTTP Cookie and Set-Cookie header fields. | |||
Using the Set-Cookie header field, an HTTP server can pass name/value | Using the Set-Cookie header field, an HTTP server can pass name/value | |||
pairs and associated metadata (called cookies) to a user agent. When | pairs and associated metadata (called cookies) to a user agent. When | |||
the user agent makes subsequent requests to the server, the user | the user agent makes subsequent requests to the server, the user | |||
agent uses the metadata and other information to determine whether to | agent uses the metadata and other information to determine whether to | |||
return the name/value pairs in the Cookie header field. | return the name/value pairs in the Cookie header field. | |||
skipping to change at page 12, line 8 ¶ | skipping to change at page 12, line 8 ¶ | |||
4.1.1. Syntax | 4.1.1. Syntax | |||
Informally, the Set-Cookie response header field contains a cookie, | Informally, the Set-Cookie response header field contains a cookie, | |||
which begins with a name-value-pair, followed by zero or more | which begins with a name-value-pair, followed by zero or more | |||
attribute-value pairs. Servers SHOULD NOT send Set-Cookie header | attribute-value pairs. Servers SHOULD NOT send Set-Cookie header | |||
fields that fail to conform to the following grammar: | fields that fail to conform to the following grammar: | |||
set-cookie = set-cookie-string | set-cookie = set-cookie-string | |||
set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av ) | set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av ) | |||
cookie-pair = cookie-name BWS "=" BWS cookie-value | cookie-pair = cookie-name BWS "=" BWS cookie-value | |||
cookie-name = 1*cookie-octet | cookie-name = token | |||
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) | cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE ) | |||
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E | cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E | |||
; US-ASCII characters excluding CTLs, | ; US-ASCII characters excluding CTLs, | |||
; whitespace DQUOTE, comma, semicolon, | ; whitespace, DQUOTE, comma, semicolon, | |||
; and backslash | ; and backslash | |||
token = <token, defined in [RFC7230], Section 3.2.6> | ||||
cookie-av = expires-av / max-age-av / domain-av / | cookie-av = expires-av / max-age-av / domain-av / | |||
path-av / secure-av / httponly-av / | path-av / secure-av / httponly-av / | |||
samesite-av / extension-av | samesite-av / extension-av | |||
expires-av = "Expires" BWS "=" BWS sane-cookie-date | expires-av = "Expires" BWS "=" BWS sane-cookie-date | |||
sane-cookie-date = | sane-cookie-date = | |||
<IMF-fixdate, defined in [HTTP], Section 5.6.7> | <IMF-fixdate, defined in [HTTP], Section 5.6.7> | |||
max-age-av = "Max-Age" BWS "=" BWS non-zero-digit *DIGIT | max-age-av = "Max-Age" BWS "=" BWS non-zero-digit *DIGIT | |||
non-zero-digit = %x31-39 | non-zero-digit = %x31-39 | |||
; digits 1 through 9 | ; digits 1 through 9 | |||
skipping to change at page 27, line 47 ¶ | skipping to change at page 28, line 6 ¶ | |||
When a user agent receives a Set-Cookie header field in an HTTP | When a user agent receives a Set-Cookie header field in an HTTP | |||
response, the user agent MAY ignore the Set-Cookie header field in | response, the user agent MAY ignore the Set-Cookie header field in | |||
its entirety (see Section 5.3). | its entirety (see Section 5.3). | |||
If the user agent does not ignore the Set-Cookie header field in its | If the user agent does not ignore the Set-Cookie header field in its | |||
entirety, the user agent MUST parse the field-value of the Set-Cookie | entirety, the user agent MUST parse the field-value of the Set-Cookie | |||
header field as a set-cookie-string (defined below). | header field as a set-cookie-string (defined below). | |||
NOTE: The algorithm below is more permissive than the grammar in | NOTE: The algorithm below is more permissive than the grammar in | |||
Section 4.1. For example, the algorithm strips leading and trailing | Section 4.1. For example, the algorithm allows cookie-name to be | |||
comprised of cookie-octets instead of being a token as specified in | ||||
Section 4.1 and the algorithm accommodates some characters that are | ||||
not cookie-octets according to the grammar in Section 4.1. In | ||||
addition, the algorithm below also strips leading and trailing | ||||
whitespace from the cookie name and value (but maintains internal | whitespace from the cookie name and value (but maintains internal | |||
whitespace), whereas the grammar in Section 4.1 forbids whitespace in | whitespace), whereas the grammar in Section 4.1 forbids whitespace in | |||
these positions. In addition, the algorithm below accommodates some | these positions. User agents use this algorithm so as to | |||
characters that are not cookie-octets according to the grammar in | interoperate with servers that do not follow the recommendations in | |||
Section 4.1. User agents use this algorithm so as to interoperate | Section 4. | |||
with servers that do not follow the recommendations in Section 4. | ||||
NOTE: As set-cookie-string may originate from a non-HTTP API, it is | NOTE: As set-cookie-string may originate from a non-HTTP API, it is | |||
not guaranteed to be free of CTL characters, so this algorithm | not guaranteed to be free of CTL characters, so this algorithm | |||
handles them explicitly. Horizontal tab (%x09) is excluded from the | handles them explicitly. Horizontal tab (%x09) is excluded from the | |||
CTL characters that lead to set-cookie-string rejection, as it is | CTL characters that lead to set-cookie-string rejection, as it is | |||
considered whitespace, which is handled separately. | considered whitespace, which is handled separately. | |||
NOTE: The set-cookie-string may contain octet sequences that appear | NOTE: The set-cookie-string may contain octet sequences that appear | |||
percent-encoded as per Section 2.1 of [RFC3986]. However, a user | percent-encoded as per Section 2.1 of [RFC3986]. However, a user | |||
agent MUST NOT decode these sequences and instead parse the | agent MUST NOT decode these sequences and instead parse the | |||
skipping to change at page 57, line 5 ¶ | skipping to change at page 57, line 23 ¶ | |||
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
<https://www.rfc-editor.org/info/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
[SAMESITE] | [SAMESITE] | |||
WHATWG, "HTML - Living Standard", January 2021, | WHATWG, "HTML - Living Standard", January 2021, | |||
<https://html.spec.whatwg.org/#same-site>. | <https://html.spec.whatwg.org/#same-site>. | |||
[SERVICE-WORKERS] | ||||
Russell, A., Song, J., and J. Archibald, "Service | ||||
Workers", n.d., <http://www.w3.org/TR/service-workers/>. | ||||
[USASCII] American National Standards Institute, "Coded Character | [USASCII] American National Standards Institute, "Coded Character | |||
Set -- 7-bit American Standard Code for Information | Set -- 7-bit American Standard Code for Information | |||
Interchange", ANSI X3.4, 1986. | Interchange", ANSI X3.4, 1986. | |||
10.2. Informative References | 10.2. Informative References | |||
[Aggarwal2010] | [Aggarwal2010] | |||
Aggarwal, G., Burzstein, E., Jackson, C., and D. Boneh, | Aggarwal, G., Burzstein, E., Jackson, C., and D. Boneh, | |||
"An Analysis of Private Browsing Modes in Modern | "An Analysis of Private Browsing Modes in Modern | |||
Browsers", 2010, | Browsers", 2010, | |||
skipping to change at page 58, line 50 ¶ | skipping to change at page 59, line 20 ¶ | |||
Options", RFC 7034, DOI 10.17487/RFC7034, October 2013, | Options", RFC 7034, DOI 10.17487/RFC7034, October 2013, | |||
<https://www.rfc-editor.org/info/rfc7034>. | <https://www.rfc-editor.org/info/rfc7034>. | |||
[RFC9113] Thomson, M., Ed. and C. Benfield, Ed., "HTTP/2", RFC 9113, | [RFC9113] Thomson, M., Ed. and C. Benfield, Ed., "HTTP/2", RFC 9113, | |||
DOI 10.17487/RFC9113, June 2022, | DOI 10.17487/RFC9113, June 2022, | |||
<https://www.rfc-editor.org/info/rfc9113>. | <https://www.rfc-editor.org/info/rfc9113>. | |||
[RFC9114] Bishop, M., Ed., "HTTP/3", RFC 9114, DOI 10.17487/RFC9114, | [RFC9114] Bishop, M., Ed., "HTTP/3", RFC 9114, DOI 10.17487/RFC9114, | |||
June 2022, <https://www.rfc-editor.org/info/rfc9114>. | June 2022, <https://www.rfc-editor.org/info/rfc9114>. | |||
[SERVICE-WORKERS] | ||||
Archibald, J. and M. Kruisselbrink, "Service Workers", | ||||
n.d., <https://www.w3.org/TR/service-workers/>. | ||||
[UTS46] Davis, M. and M. Suignard, "Unicode IDNA Compatibility | [UTS46] Davis, M. and M. Suignard, "Unicode IDNA Compatibility | |||
Processing", UNICODE Unicode Technical Standards # 46, | Processing", UNICODE Unicode Technical Standards # 46, | |||
June 2016, <http://unicode.org/reports/tr46/>. | June 2016, <http://unicode.org/reports/tr46/>. | |||
10.3. URIs | 10.3. URIs | |||
[1] https://www.iana.org/assignments/cookie-attribute-names | [1] https://www.iana.org/assignments/cookie-attribute-names | |||
Appendix A. Changes from RFC 6265 | Appendix A. Changes from RFC 6265 | |||
End of changes. 23 change blocks. | ||||
34 lines changed or deleted | 38 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |