- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 8 Jun 2022 09:01:17 +1000
- To: Justin Richer <jricher@mit.edu>
- Cc: Willy Tarreau <w@1wt.eu>, Martin Thomson <mt@lowentropy.net>, HTTP Working Group <ietf-http-wg@w3.org>

Require signing SF-Set-Cookie instead?

> On 8 Jun 2022, at 3:31 am, Justin Richer <jricher@mit.edu> wrote:
>
> - Never sign Set-Cookie
> - Never sign multiple Set-Cookie headers
> - Have a special syntax for dealing with Set-Cookie (probably a derived component, but I’m not thrilled about this one)
> - Warn against weirdness with multiple Set-Cookie headers
>
> Any other approaches?

--
Mark Nottingham https://www.mnot.net/

Received on Tuesday, 7 June 2022 23:01:36 UTC