W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2016

Re: Cookies in Suborigins

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 19 May 2016 09:46:28 +0200
Message-ID: <CADnb78h_JOE7hWaQbQMy4ihxXPfp7-ud6ZoD-FcwodTc_pFmwQ@mail.gmail.com>
To: Joel Weinberger <jww@chromium.org>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, May 18, 2016 at 7:14 PM, Joel Weinberger <jww@chromium.org> wrote:
> Sorry, it was pointed out to me by Dev that I really meant that we're
> proposing the "Leave network cookies untouched, set document.cookie to
> undefined" (not the one I mentioned in the original email). That's what I
> get for writing a late night email from bed :-/

Why not make the document a cookie-averse Document object? That would
be a less invasive change and probably more compatible with existing
code.


-- 
https://annevankesteren.nl/
Received on Thursday, 19 May 2016 07:46:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:20 UTC