W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2013

Re: Adding cookie scope to CSP

From: Alex Russell <slightlyoff@google.com>
Date: Tue, 10 Sep 2013 07:34:42 -0700
Message-ID: <CANr5HFUDPuGKx1BCGXTRsKnjuNLzUF6Z_LWGF-2sZsNq-7aYqg@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: "Nottingham, Mark" <mnotting@akamai.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Sep 10, 2013 at 7:25 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Tue, Sep 10, 2013 at 2:07 PM, Nottingham, Mark <mnotting@akamai.com>
> wrote:
> > cookie-scope
>
> In general this sounds like a good idea, but if we're going to scope
> cookies, by all means scope them by origin.


Cookies have sub-origin scoping.via the Path attribute. It might be useful
to be able to further restrict the ability of script in a page to
access/set cookies that are "below" some path.

Anyhow, +1 to the idea.
Received on Tuesday, 10 September 2013 14:35:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC