From 008b746ecc878605851ce9f3ab3f7f28c6eccf13 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Thu, 7 Aug 2025 16:53:12 +0200 Subject: [PATCH 1/3] Default empty string paths to URL's path Also correct the algorithm as it incorrectly assumed that path could be null when in fact it's always a string. Tests: ... Closes #242. --- index.bs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/index.bs b/index.bs index 260d5a6..b75b72e 100644 --- a/index.bs +++ b/index.bs @@ -1086,13 +1086,12 @@ run the following steps: 1. If the [=byte sequence=] [=byte sequence/length=] of |encodedDomain| is greater than the [=cookie/maximum attribute value size=], then return failure. 1. [=list/Append=] \``Domain`\`/|encodedDomain| to |attributes|. 1. If |expires| is given, then [=list/append=] \``Expires`\`/|expires| ([=date serialized=]) to |attributes|. -1. If |path| is not null: - 1. If |path| does not start with U+002F (/), then return failure. - 1. If |path| is not U+002F (/), and |name|, [=byte-lowercased=], [=byte sequence/starts with=] \``__host-`\`, then return failure. - 1. Let |encodedPath| be the result of [=UTF-8 encode|UTF-8 encoding=] |path|. - 1. If the [=byte sequence=] [=byte sequence/length=] of |encodedPath| is greater than the [=cookie/maximum attribute value size=], then return failure. - 1. [=list/Append=] \``Path`\`/|encodedPath| to |attributes|. -1. Otherwise, [=list/append=] \``Path`\`/ U+002F (/) to |attributes|. +1. If |path| is the empty string, then set |path| to the [=URL path serialization=] of |url|. +1. If |path| does not start with U+002F (/), then return failure. +1. If |path| is not U+002F (/), and |name|, [=byte-lowercased=], [=byte sequence/starts with=] \``__host-`\`, then return failure. +1. Let |encodedPath| be the result of [=UTF-8 encode|UTF-8 encoding=] |path|. +1. If the [=byte sequence=] [=byte sequence/length=] of |encodedPath| is greater than the [=cookie/maximum attribute value size=], then return failure. +1. [=list/Append=] \``Path`\`/|encodedPath| to |attributes|. 1. [=list/Append=] \``Secure`\`/\`\` to |attributes|. 1. Switch on |sameSite|:
From 3cda30e69184eb10aa73306f2b36324e8ba2abb4 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Thu, 7 Aug 2025 16:56:10 +0200 Subject: [PATCH 2/3] Update index.bs --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index b75b72e..ccc9428 100644 --- a/index.bs +++ b/index.bs @@ -1086,7 +1086,7 @@ run the following steps: 1. If the [=byte sequence=] [=byte sequence/length=] of |encodedDomain| is greater than the [=cookie/maximum attribute value size=], then return failure. 1. [=list/Append=] \``Domain`\`/|encodedDomain| to |attributes|. 1. If |expires| is given, then [=list/append=] \``Expires`\`/|expires| ([=date serialized=]) to |attributes|. -1. If |path| is the empty string, then set |path| to the [=URL path serialization=] of |url|. +1. If |path| is the empty string, then set |path| to the [=/URL path serializer|URL path serialization=] of |url|. 1. If |path| does not start with U+002F (/), then return failure. 1. If |path| is not U+002F (/), and |name|, [=byte-lowercased=], [=byte sequence/starts with=] \``__host-`\`, then return failure. 1. Let |encodedPath| be the result of [=UTF-8 encode|UTF-8 encoding=] |path|. From 7f81ad76375964ed43c68e8ae3ca2f4a81f8c8d5 Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Tue, 12 Aug 2025 18:17:02 +0200 Subject: [PATCH 3/3] Use https://github.com/whatwg/fetch/pull/1848 --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index ccc9428..f403f32 100644 --- a/index.bs +++ b/index.bs @@ -1086,7 +1086,7 @@ run the following steps: 1. If the [=byte sequence=] [=byte sequence/length=] of |encodedDomain| is greater than the [=cookie/maximum attribute value size=], then return failure. 1. [=list/Append=] \``Domain`\`/|encodedDomain| to |attributes|. 1. If |expires| is given, then [=list/append=] \``Expires`\`/|expires| ([=date serialized=]) to |attributes|. -1. If |path| is the empty string, then set |path| to the [=/URL path serializer|URL path serialization=] of |url|. +1. If |path| is the empty string, then set |path| to the [=/serialized cookie default path=] of |url|. 1. If |path| does not start with U+002F (/), then return failure. 1. If |path| is not U+002F (/), and |name|, [=byte-lowercased=], [=byte sequence/starts with=] \``__host-`\`, then return failure. 1. Let |encodedPath| be the result of [=UTF-8 encode|UTF-8 encoding=] |path|.