Require signing SF-Set-Cookie instead? > On 8 Jun 2022, at 3:31 am, Justin Richer <jricher@mit.edu> wrote: > > - Never sign Set-Cookie > - Never sign multiple Set-Cookie headers > - Have a special syntax for dealing with Set-Cookie (probably a derived component, but I’m not thrilled about this one) > - Warn against weirdness with multiple Set-Cookie headers > > Any other approaches? -- Mark Nottingham https://www.mnot.net/Received on Tuesday, 7 June 2022 23:01:36 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:44:07 UTC