Expired
Milestone
expired on Dec 1, 2023
Cookies/credentials-related testing and documentation
The assumption is that cookies and other credentials should not be exposed to alternative transports (for example), but this needs strict testing and documentation. Perhaps this should also be configurable.
Plan
- design and deploy infrastructure for testing this
- test settings, assumptions, and edge-cases
- document best practices and potential pitfalls
- potentially (if deemed useful) implement configuration options for sending cookies/credentials when retrieving content via alternative transports