W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: draft-west-leave-secure-cookies-alone

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 22 Oct 2015 13:47:20 +0200
To: Mike West <mkwst@google.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20151022114720.GB4522@1wt.eu>
Hi Mike,

On Thu, Oct 22, 2015 at 01:26:47PM +0200, Mike West wrote:
> About that... https://tools.ietf.org/html/draft-west-origin-cookies-01
> is one approach.

Interesting idea.

> https://tools.ietf.org/html/draft-west-cookie-prefixes-04 is another
> (and has the advantage of being trivial to implement). Chrome's
> implemented the latter (at least the `$Secure-*` prefix) behind a flag
> for folks to start playing with.

This one is indeed less invasive than the first one as it continues to
respect the same header name for example.

Thanks for the explanations.
Willy
Received on Thursday, 22 October 2015 11:47:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC