explain excluded scope
#30
Comments
It wasn't clear to me either.
Sorry, the example in the explainer is bad and has holdovers from somewhat unfinished discussions. The idea is that the "credentials" instruction has a certain scope, e.g. of paths and/or subdomains. The browser will only check for the presence of that credential for requests that are in that scope, and hold them if a refresh is needed. Out-of-scope requests will not be held or deferred. The explainer does gloss over this, but most unhelpfully it also omits the scope in the examples because the default is everything (i.e. any subdomain and any path). The purpose of excluded_scope then is to allow the website to carve out e.g. paths where it doesn't care about the presence of the short-term cookie. This could be useful e.g. for static assets: by excluding '/static', the browser will not hold any requests to its subpaths. Those assets could be fetched in parallel with any potential refreshes. We'll try to clean this up in the explainer - and possibly this is just best left out there.
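An added sketch of the hold decision described in the comment above; it is not part of the thread and not code from the explainer or the project. The `scope` object, its field names (`domain`, `path`, `excludedPaths`) and the segment-boundary prefix matching are assumptions made for illustration.

```javascript
// Hypothetical scope shape; the explainer's real format may differ.
// Prefix match on path-segment boundaries (an assumption of this sketch):
// '/static' covers '/static' and '/static/app.js' but not '/staticfiles'.
function pathWithin(path, prefix) {
  const p = prefix.endsWith('/') ? prefix.slice(0, -1) : prefix;
  return p === '' || path === p || path.startsWith(p + '/');
}

// The registered domain itself or any subdomain of it.
function hostWithin(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// true  -> request is in scope: the browser checks for the short-term
//          cookie and holds the request if a refresh is needed.
// false -> out of scope or carved out: sent without being held.
function shouldHoldRequest(url, scope) {
  // URL parsing resolves dot segments, so '/static/../account'
  // is evaluated as '/account' and does not slip through the carve-out.
  const { hostname, pathname } = new URL(url);
  if (!hostWithin(hostname, scope.domain)) return false;
  if (!pathWithin(pathname, scope.path ?? '/')) return false; // default: any path
  const excluded = scope.excludedPaths ?? [];
  return !excluded.some((ex) => pathWithin(pathname, ex));
}

// Classify a batch of request URLs against one scope.
function classify(urls, scope) {
  return urls.map((u) => [u, shouldHoldRequest(u, scope) ? 'hold' : 'send']);
}

// Constructed sample input: default include scope with '/static' carved out.
const sampleScope = { domain: 'example.com', excludedPaths: ['/static'] };
const sampleUrls = [
  'https://example.com/account',
  'https://example.com/static/app.js',
  'https://example.com/staticfiles/report',
  'https://example.com/static/../account',
  'https://cdn.example.com/api/items',
  'https://other.test/account',
];

for (const [url, verdict] of classify(sampleUrls, sampleScope)) {
  console.log(verdict.padEnd(5), url);
}
```

Anything carved out this way is served without the short-term cookie being checked, so the exclusion list should only name paths that need no authentication.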
Thanks for the further explanation Arnar - definitely agree that the explainer could benefit from some clean up.
Unclear what the excluded scope property is in the credentials response from the server and how it applies to the cookies.