Re: Adding cookie scope to CSP

On Tue, Sep 10, 2013 at 3:34 PM, Alex Russell <slightlyoff@google.com> wrote:
> Cookies have sub-origin scoping.via the Path attribute. It might be useful
> to be able to further restrict the ability of script in a page to access/set
> cookies that are "below" some path.

I'm not sure what this means. The path attribute offers no actual
protection and definitely does not provide origin-scoping. It's at
best a convenience feature.


-- 
http://annevankesteren.nl/

Received on Tuesday, 10 September 2013 14:59:23 UTC