RFC6265bis: '__Host-' requires explicit 'Path=/'. Closes #222.

httpwg · Aug 7, 2017 · 09beb95 · 09beb95
1 parent 5119073
commit 09beb95
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md
@@ -1445,7 +1445,8 @@ user agent MUST process the cookie as follows:
 
     2.  The cookie's host-only-flag is true.
 
-    3.  The cookie's path is `/`.
+    3.  The cookie-attribute-list contains an attribute with an attribute-name
+        of "Path", and the cookie's path is `/`.
 
 17. If the cookie store contains a cookie with the same name, domain, and
     path as the newly-created cookie:
@@ -2018,6 +2019,8 @@ Specification document:
 *  Merged the recommendations from {{I-D.ietf-httpbis-cookie-same-site}}, adding
    support for the `SameSite` attribute.
 
+*  Clarified that a `Path` attribute is required for `__Host-` cookie prefixes.
+
 # Acknowledgements
 
 This document is a minor update of RFC 6265, adding small features, and