- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 4 Mar 2016 11:53:23 +1100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 4 March 2016 at 11:02, Mark Nottingham <mnot@mnot.net> wrote:
> What do folks -- both other browser implementers and site folks -- think about this?

This is a pretty nice hole Google dug for themselves. Though I have heard the same from folks at other similarly large and crufty organizations; it's a real problem.

I have a small suggestion:

    if (request.url.scheme == 'http') {
      cookie.priority = 'floor';
    }

Related story, I believe that some of those people run servers that forcibly evict all cookies other than those on a small whitelist to prevent this sort of craziness. That turns out to have beneficial properties.

Received on Friday, 4 March 2016 01:01:40 UTC
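
An added example, not part of the original message or anyone's production code: one way a server could do the allowlist eviction mentioned in the message, by answering every request with expiring `Set-Cookie` headers for cookies it does not recognize. The allowlist, cookie names, scopes and function names are assumptions; because the `Cookie` header carries no Path or Domain, each unknown name is expired under every configured scope.

```python
import re

# Hypothetical allowlist: the only cookie names this site intends to keep.
ALLOWED = frozenset({"SID", "csrf"})

# RFC 6265 cookie-name is an HTTP token. Validating it also keeps
# attacker-chosen bytes out of the response header we build below.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"


def cookie_names(cookie_header):
    """Return the distinct, well-formed cookie names in a Cookie header."""
    names = []
    for pair in cookie_header.split(";"):
        name, sep, _value = pair.strip().partition("=")
        if sep and TOKEN.fullmatch(name) and name not in names:
            names.append(name)
    return names


def eviction_headers(cookie_header, allowed=ALLOWED, scopes=(("/", None),)):
    """Build Set-Cookie values that expire every cookie not in `allowed`.

    `scopes` is a list of (path, domain) pairs. A cookie is only removed
    when the deleting Set-Cookie matches the Path and Domain it was set
    with, and the request does not reveal those, so the site has to list
    the scopes it has ever used (an assumption of this example).
    """
    headers = []
    for name in cookie_names(cookie_header):
        if name in allowed:
            continue
        for path, domain in scopes:
            attrs = [f"{name}=", "Max-Age=0", f"Expires={EPOCH}", f"Path={path}"]
            if domain:
                attrs.append(f"Domain={domain}")
            headers.append("; ".join(attrs))
    return headers


if __name__ == "__main__":
    # Constructed request header for illustration.
    sample = "SID=abc; tracker=1; csrf=x; legacy_pref=foo; tracker=2"
    for value in eviction_headers(sample, scopes=(("/", None), ("/", "example.com"))):
        print("Set-Cookie:", value)
```
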