Re: Adding cookie scope to CSP

On Tue, Sep 10, 2013 at 7:25 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Tue, Sep 10, 2013 at 2:07 PM, Nottingham, Mark <mnotting@akamai.com>
> wrote:
> > cookie-scope
>
> In general this sounds like a good idea, but if we're going to scope
> cookies, by all means scope them by origin.


Cookies have sub-origin scoping.via the Path attribute. It might be useful
to be able to further restrict the ability of script in a page to
access/set cookies that are "below" some path.

Anyhow, +1 to the idea.

Received on Tuesday, 10 September 2013 14:35:39 UTC