[whatwg] A document's cookie context
Adam Barth
whatwg at adambarth.com
Fri Jun 13 23:31:11 PDT 2008
The current draft of the spec doesn't specify how to compute the
cookie context for a document. Here is how to compute it:
A document's cookie context can be represented as a URI and largely
(but not exactly) follows the document's origin.
1) If the document does not have a browsing context (e.g., it was
retrieved via XMLHttpRequest or created using createDocument) then
it's cookie context is "" or about:blank (or whatever you prefer for
"I don't have a cookie context").
2) If the document was served over the network and has an address that
uses a URI scheme with a server-based naming authority, then the
document's cookie context is that URI.
3) If the document has the URI about:blank or "", then, like the
origin, the document's cooke context is the cookie context of the
parent browsing context (if it has a parent) or the cookie context of
the opener browsing context (if it has an opener but no parent).
Failing that, the document's cookie context is about:blank or "" (or
whatever you prefer for "I don't have a cookie context").
This is available in code form at <http://trac.webkit.org/changeset/34505>.
Adam
More information about the whatwg
mailing list