- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 4 Mar 2016 11:53:23 +1100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 4 March 2016 at 11:02, Mark Nottingham <mnot@mnot.net> wrote:
> What do folks -- both other browser implementers and site folks -- think about this?

This is a pretty nice hole Google dug for themselves. Though I have
heard the same from folks at other similarly large and crufty
organizations; it's a real problem.

I have a small suggestion:

    if (request.url.scheme == 'http') {
        cookie.priority = 'floor';
    }

Related story, I believe that some of those people run servers that
forcibly evict all cookies other than those on a small whitelist to
prevent this sort of craziness. That turns out to have beneficial
properties.

Received on Friday, 4 March 2016 01:01:40 UTC
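
The server-side eviction mentioned in the message above, sketched as an added example that is not part of the original e-mail or any implementation it refers to: every cookie the client presents that is not on an allowlist gets an expiring `Set-Cookie`. The cookie names, the `example.com` domain and the scope list are constructed assumptions.

```python
import re
from typing import Iterable, List, Tuple

# Hypothetical allowlist and scopes; a real deployment supplies its own.
ALLOWLIST = frozenset({"SID", "prefs"})
# The Cookie request header carries no Domain or Path, and a browser only
# deletes a cookie when name, domain and path all match, so an expiry is
# emitted for every scope the site is assumed to have used.
SCOPES: List[Tuple[str, str]] = [("", "/"), ("example.com", "/")]

# RFC 6265 cookie-name is an HTTP token. Names from the request are echoed
# into response headers, so anything else (CR/LF included) is dropped.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"


def parse_cookie_names(cookie_header: str) -> List[str]:
    """Return the distinct, well-formed cookie names in a Cookie header."""
    names: List[str] = []
    for pair in cookie_header.split(";"):
        name, sep, _value = pair.partition("=")
        name = name.strip()
        # Pairs without '=' are nameless cookies; they are not handled here.
        if sep and TOKEN.fullmatch(name) and name not in names:
            names.append(name)
    return names


def eviction_headers(cookie_header: str,
                     allowlist: Iterable[str] = ALLOWLIST,
                     scopes: Iterable[Tuple[str, str]] = SCOPES) -> List[str]:
    """Build Set-Cookie values that expire every cookie not on the allowlist."""
    allowed = set(allowlist)
    headers: List[str] = []
    for name in parse_cookie_names(cookie_header):
        if name in allowed:
            continue
        # __Secure-/__Host- cookies would also need Secure; not handled here.
        for domain, path in scopes:
            attrs = [f"{name}=", "Max-Age=0", f"Expires={EPOCH}", f"Path={path}"]
            if domain:
                attrs.append(f"Domain={domain}")
            headers.append("; ".join(attrs))
    return headers
```

Each returned string is one `Set-Cookie` response header value; cookies set under a domain or path missing from the scope list survive, which is the main operational limit of this approach.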