- From: Frederik <notifications@github.com>
- Date: Fri, 08 Feb 2019 01:12:09 -0800
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 8 February 2019 09:12:31 UTC
https://url.spec.whatwg.org/commit-snapshots/d2ef633869b3f31d8c7e3bb76602400e4d2c126c/#example-same-site

> Specifications should avoid depending on "public suffix", "registrable domain", and "same site". The public suffix list will diverge from client to client, and cannot be relied-upon to provide a hard security boundary. Specifications which ignore this advice are encouraged to carefully consider whether URLs' schemes ought to be incorporated into any decision made based upon whether or not two hosts are same site. HTML’s same origin-domain concept is a reasonable example of this consideration in practice.

I suggest changing this to lead with what people *should* do (i.e., use an origin for comparisons) and then expand why

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/429
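The origin comparison suggested in the message, next to the "same site" check the quoted text cautions against, as an added example (not code from the URL Standard or from this thread). The two suffix lists, the `.example` host names and the function names are constructed for illustration, and the suffix matching is simplified (no wildcard or exception rules, no IP addresses).

```javascript
// Constructed public suffix snapshots for two hypothetical clients.
// Client B's copy carries one entry that client A's copy lacks.
const PSL_CLIENT_A = new Set(["example"]);
const PSL_CLIENT_B = new Set(["example", "hosting.example"]);

// Registrable domain: the longest matching public suffix plus one label.
// Returns null when the host has no registrable domain under this list.
function registrableDomain(host, psl) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    // i = 0 tests the whole host, so the longest suffix is found first.
    if (psl.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// "Same site" as a host-only check: depends on the client's suffix list
// and ignores the scheme entirely.
function sameSite(a, b, psl) {
  const ra = registrableDomain(new URL(a).hostname, psl);
  const rb = registrableDomain(new URL(b).hostname, psl);
  return ra !== null && ra === rb;
}

// Origin comparison: scheme, host and port, with no external list involved.
// Opaque origins serialize to "null" and never match anything.
function sameOrigin(a, b) {
  const oa = new URL(a).origin;
  const ob = new URL(b).origin;
  return oa !== "null" && oa === ob;
}

// Two tenants of a constructed shared-hosting domain.
const alice = "https://alice.hosting.example/";
const bob = "https://bob.hosting.example/";

console.log(sameSite(alice, bob, PSL_CLIENT_A)); // verdict under client A's list
console.log(sameSite(alice, bob, PSL_CLIENT_B)); // verdict under client B's list
console.log(sameOrigin(alice, bob));             // identical on every client

// Scheme is invisible to the host-only check but part of the origin.
console.log(sameSite("http://app.shop.example/", "https://app.shop.example/", PSL_CLIENT_A));
console.log(sameOrigin("http://app.shop.example/", "https://app.shop.example/"));
```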