| 09:42 | <misty1peters2022> | Two.txt |
| 12:03 | <Andreu Botella> | Why is it that Set-Cookie headers are never exposed on Response objects? |
| 12:04 | <Andreu Botella> | https://jakearchibald.com/2021/cors/ says this is to avoid leaking cookies across sites, but that doesn't explain why they're not exposed even for same-origin fetches (since you can observe the cookies either way with document.cookie) |
| 12:06 | <Andreu Botella> | I'm also not convinced it would leak anything for third-party origins/sites, since the request is made without credentials, and any Set-Cookie headers wouldn't make it into the cookie jar either way |
| 12:08 | <Andreu Botella> | Same for not allowing authors to add Cookie headers to requests |
| 12:08 | <Andreu Botella> | A use case for allowing it would be "faking" a third-party-site/origin cookie jar |
| 12:38 | <annevk> | Andreu Botella: are you familiar with HttpOnly cookies? |
| 12:38 | <Andreu Botella> | oh, that's right |
| 12:47 | <Andreu Botella> | I'd completely forgotten HttpOnly cookies existed 😅 |
| 13:35 | <annevk> | HTML has this note under reflecting of an unrestricted double: "The values Infinity and Not-a-Number (NaN) values throw an exception on setting, as defined in Web IDL." |
| 13:35 | <annevk> | I guess that's wrong given https://webidl.spec.whatwg.org/#es-unrestricted-double? |
| 13:37 | <annevk> | Wow, unrestricted double is older than I thought, Hixie-era |
| 13:44 | <annevk> | Well, there are no reflected attributes using it, so I guess I'll remove it |
| 16:08 | <annevk> | Can I interest anyone else in reviewing a refactor of reflection? Domenic did a couple earlier rounds and I just did self-review: https://github.com/whatwg/html/pull/8496 |
| 16:09 | <annevk> | Also, if someone can come up with enumerated attribute IDL syntax for https://github.com/whatwg/html/issues/3238 that would be really cool |
| 17:04 | <Jake Archibald> | annevk: the service worker spec wants to abort one fetch if another is aborted. Right now it's referring to [=fetch controller/state=] which isn't exported. Should I create a PR to export that, or is there a 'proper' way to listen for that state change? |
| 17:08 | <Jake Archibald> | https://github.com/whatwg/fetch/pull/1608 PR for that |
| 17:10 | <Yagiz Nizipli> | For anybody interested, I'm trying to bench all existing WHATWG supported URL parsers in Ada. I've added servo/url, whatwg (c++), curl. Do you know any other available standard compliant parsers? Referencing: https://github.com/ada-url/ada/pull/223 |
| 17:11 | <Yagiz Nizipli> | (Curl does not follow whatwg, but widely used) |
| 17:12 | <annevk> | I think curl isn't interested in complying with any spec... But does like to make a lot of noise whenever following the WHATWG would have helped them. |
| 17:12 | <Yagiz Nizipli> | Yes, Curl is following RFC 3986 with additional quirks |
| 17:28 | <annevk> | It is? I thought it was mostly garbage in, garbage out |
| 17:29 | <Yagiz Nizipli> | Referencing docs: "curl recognizes a URL syntax that we call "RFC 3986 plus". - https://curl.se/docs/url-syntax.html |
| 17:30 | <annevk> | rego: smaug: would appreciate your input on https://github.com/whatwg/html/issues/8545 |
| 17:39 | <zcorpan> | annevk: the expando surviving or not surviving could be done similarly to https://dom.spec.whatwg.org/#concept-getelementsbytagname ? i.e. allow it to be GCed even if it has an expando |
| 17:41 | <annevk> | zcorpan: that makes GC observable and ideally we wouldn't do that I think |
| 18:23 | <zcorpan> | annevk: right |