Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update wording on "response headers" in privacy section to disambiguate from traceresponse headers. #487

Closed
kalyanaj opened this issue Apr 26, 2022 · 1 comment · Fixed by #491
Closed

Update wording on "response headers" in privacy section to disambiguate from traceresponse headers. #487

kalyanaj opened this issue Apr 26, 2022 · 1 comment · Fixed by #491
Assignees
@kalyanaj

Comments

@kalyanaj
Copy link
Contributor

Should we remove this from the Level 1 spec?

Section 6.3 in https://www.w3.org/TR/trace-context/?msclkid=8fb94facc59711eca3572297845ae7e1#other-risks
"When vendors include traceparent and tracestate headers in responses, these values may inadvertently be passed to cross-origin callers. Vendors should ensure that they include only these response headers when responding to systems that participated in the trace."

Assigning to Philippe per our discussion in the WG meeting today for checking if this can be an editorial change.
@kalyanaj kalyanaj mentioned this issue Apr 26, 2022
Merged
@kalyanaj kalyanaj assigned kalyanaj and unassigned plehegar Sep 13, 2022
@kalyanaj
Copy link
Contributor Author

Daniel pointed out that the above wording is for any responses that include the above information (and not necessarily pointing to the response headers we want to standardize going forward). Per the discussion in the WG meeting, I will update the second sentence (in the current draft, not in Level 1) to remove the wording "response headers" to something like "responses" or response values.

@kalyanaj kalyanaj changed the title The Level 1 spec talks about risks related to response headers in privacy section, but response headers are not part of this version Update wording on "response headers" in privacy section to disambiguate from traceresponse headers. Sep 26, 2022
kalyanaj added a commit to kalyanaj/trace-context that referenced this issue Sep 26, 2022
@kalyanaj
Resolves w3c#487
3f119fc
@kalyanaj kalyanaj mentioned this issue Sep 26, 2022
Merged
kalyanaj added a commit that referenced this issue Nov 22, 2022
@kalyanaj
Resolves #487: Update wording on "response headers" in privacy sectio…
f9d9e05 
…n to disambiguate from traceresponse headers. (#491)

* Resolves #487

* Update spec/50-privacy.md

* Incorporate feedback from Bastian
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kalyanaj kalyanaj

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@plehegar @kalyanaj