Re: [w3ctag/design-reviews] Schemeful Same-Site (#497) from Steven Bingler on 2020-04-14 (public-webapps-github@w3.org from April 2020)

From: Steven Bingler <notifications@github.com>
Date: Tue, 14 Apr 2020 10:48:31 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/497/613585479@github.com>

Thank you Lily for your explanation, exactly.

Another way to look at the two is that: 

- **Schemeful same-site** determines which sites/iframes/sub-resources/etc are allowed to interact (send/set) with the available cookies in the cookie jar.
  -  http://site.example and https://site.example would be treated as if they were as different as https://site.example and https://othersite.example for purposes of same-site.

- **Scheme-bound cookies** splits up the cookie jar such that an insecure site will only have cookies set by an insecure scheme (which were therefore placed into the insecure cookie jar) available to it.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/497#issuecomment-613585479

Received on Tuesday, 14 April 2020 17:48:45 UTC