- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 22 Oct 2015 13:47:20 +0200
- To: Mike West <mkwst@google.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hi Mike, On Thu, Oct 22, 2015 at 01:26:47PM +0200, Mike West wrote: > About that... https://tools.ietf.org/html/draft-west-origin-cookies-01 > is one approach. Interesting idea. > https://tools.ietf.org/html/draft-west-cookie-prefixes-04 is another > (and has the advantage of being trivial to implement). Chrome's > implemented the latter (at least the `$Secure-*` prefix) behind a flag > for folks to start playing with. This one is indeed less invasive than the first one as it continues to respect the same header name for example. Thanks for the explanations. Willy
Received on Thursday, 22 October 2015 11:47:46 UTC