Re: Cookies in Suborigins from Devdatta Akhawe on 2016-05-19 (public-webappsec@w3.org from May 2016)

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Thu, 19 May 2016 08:19:24 -0700
To: Artur Janc <aaj@google.com>
Cc: Joel Weinberger <jww@chromium.org>, public-webappsec@w3.org, Anne van Kesteren <annevk@annevk.nl>
Message-ID: <CAPfop_0d5HDneJhJHQH0dn0Z4N1HXFNdH_zS4ayJTRevQnM_7Q@mail.gmail.com>

Yup that seems like what we want. Thanks!
On May 19, 2016 8:04 AM, "Artur Janc" <aaj@google.com> wrote:

> On Thu, May 19, 2016 at 4:52 PM, Anne van Kesteren <annevk@annevk.nl>
> wrote:
>
>> On Thu, May 19, 2016 at 4:48 PM, Devdatta Akhawe <dev.akhawe@gmail.com>
>> wrote:
>> > I don't think I have heard of "cookie averse document object". Can you
>> > clarify a bit more?
>>
>> Well, it's part of how document.cookie is defined. If you're planning
>> on changing the document.cookie API, I recommend reading up on that:
>> https://html.spec.whatwg.org/multipage/dom.html#dom-document-cookie.
>
>
> FWIW this seems reasonable to me for the suborigin case as it matches the
> goals of the "safe cookie mode" quite well.
>

Received on Thursday, 19 May 2016 15:19:56 UTC