8822 – should make cookie setting dependent on whether the document has a URL, not on whether it has a browsing context; and should fail silently (set does nothing, get returns "") when there isn't one.

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 8822 - should make cookie setting dependent on whether the document has a URL, not on whether it has a browsing context; and should fail silently (set does nothing, get returns "") when there isn't one.

Summary: should make cookie setting dependent on whether the document has a URL, not o...

Status:	RESOLVED FIXED

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	pre-LC1 HTML5 spec (editor: Ian Hickson) (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P3 normal
Target Milestone:	LC
Assignee:	Ian 'Hixie' Hickson
QA Contact:	HTML WG Bugzilla archive list

URL:	http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-01-26 23:44 UTC by contributor
Modified:	2010-10-04 13:58 UTC (History)
CC List:	5 users (show)

See Also:

Attachments

Description contributor 2010-01-26 23:44:11 UTC

Section: http://www.whatwg.org/specs/web-apps/current-work/#dom-document-cookie

Comment:
should make cookie setting dependent on whether the document has a URL, not on
whether it has a browsing context; and should fail silently (set does nothing,
get returns "") when there isn't one.

Posted from: 216.239.45.4

Comment 1 Ian 'Hixie' Hickson 2010-02-14 03:49:23 UTC

This would imply that an XHR doc could have cookies set on it, but I can't find any UAs that allow that.

See also: https://bugs.webkit.org/show_bug.cgi?id=32115

Comment 2 Anne 2010-02-14 12:03:00 UTC

Per
http://dev.w3.org/2006/webapi/XMLHttpRequest-2/#document-response-entity-body
XMLHttpRequest returns the empty string for cookie but only for non same-origin
documents. It should always return the empty string however because we also
disallow access to Cookie headers. And setting should just be ignored.

I would prefer it if HTML5 could define this so all .cookie information is
self-contained.

Comment 3 Ian 'Hixie' Hickson 2010-02-18 05:47:09 UTC

EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Accepted
Change Description: see diff given below
Rationale: Concurred with all the above comments.

Comment 4 contributor 2010-02-18 05:49:15 UTC

Checked in as WHATWG revision r4778.
Check-in comment: Redefine how .cookie is handled.
http://html5.org/tools/web-apps-tracker?from=4777&to=4778