Commit 6da402d

RFC6265bis: Remove "infelicities"
Replaces the usage of "infelicities" with "flaws" to improve readability.
2 parents c5eb9c5 + ccea7a2 commit 6da402d

1 file changed

+9
-10
lines changed

draft-ietf-httpbis-rfc6265bis.md

Lines changed: 9 additions & 10 deletions
@@ -225,10 +225,9 @@ informative:
225225
This document defines the HTTP Cookie and Set-Cookie header fields. These
226226
header fields can be used by HTTP servers to store state (called cookies) at
227227
HTTP user agents, letting the servers maintain a stateful session over the
228-
mostly stateless HTTP protocol. Although cookies have many historical
229-
infelicities that degrade their security and privacy, the Cookie and Set-Cookie
230-
header fields are widely used on the Internet. This document obsoletes RFC
231-
6265.
228+
mostly stateless HTTP protocol. Although cookies have many historical flaws
229+
that degrade their security and privacy, the Cookie and Set-Cookie header
230+
fields are widely used on the Internet. This document obsoletes RFC 6265.
232231

233232
--- middle
234233

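Review bot: the re-wrap at new lines 228-230 rewrites the whole tail of the abstract, including the untouched sentence "This document obsoletes RFC 6265.", for what is a one-word substitution. The rendered text is the same either way, but keeping the original line breaks where possible, or mentioning the reflow in the commit message, would keep the diff and blame limited to the wording change. The subject line says the term is removed; only the occurrences in this file's abstract and introduction are visible here, so it is worth confirming that no others remain in the draft.
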
@@ -247,12 +246,12 @@ user agent. The scope indicates the maximum amount of time in which the user
247246
agent should return the cookie, the servers to which the user agent should
248247
return the cookie, and the connection types for which the cookie is applicable.
249248

250-
For historical reasons, cookies contain a number of security and privacy
251-
infelicities. For example, a server can indicate that a given cookie is
252-
intended for "secure" connections, but the Secure attribute does not provide
253-
integrity in the presence of an active network attacker. Similarly, cookies
254-
for a given host are shared across all the ports on that host, even though the
255-
usual "same-origin policy" used by web browsers isolates content retrieved via
249+
For historical reasons, cookies contain a number of security and privacy flaws.
250+
For example, a server can indicate that a given cookie is intended for "secure"
251+
connections, but the Secure attribute does not provide integrity in the
252+
presence of an active network attacker. Similarly, cookies for a given host
253+
are shared across all the ports on that host, even though the usual
254+
"same-origin policy" used by web browsers isolates content retrieved via
256255
different ports.
257256

258257
This specification applies to developers of both cookie-producing servers and
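
Review bot: at new line 249, "cookies contain a number of security and privacy flaws" no longer matches the abstract, which after this change says cookies "have many historical flaws". Suggest "cookies have a number of security and privacy flaws" so the two passages use the same verb. The two examples that follow (the Secure attribute not providing integrity against an active network attacker, and cookies being shared across all ports on a host) are only re-wrapped, so a word-level diff is the quickest way to confirm nothing else moved.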
