
Re: A Somewhat Critical View of SOP (Same Origin Policy)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 16 Sep 2015 10:54:34 -0700
Message-ID: <CABkgnnWd-GQzTv4p-uBDVwprkJqovRUSH2iOR2URRVRbaWrVMg@mail.gmail.com>
To: Henry Story <henry.story@co-operating.systems>
Cc: Brad Hill <hillbrad@gmail.com>, Tony Arcieri <bascule@gmail.com>, Rigo Wenning <rigo@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, "Mike O'Neill" <michael.oneill@baycloud.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, WebAppSec WG <public-webappsec@w3.org>
On 16 September 2015 at 08:59, Henry Story
<henry.story@co-operating.systems> wrote:
> Cookies respect SOP by design

This is not correct.  Cookies are part of the legacy cruft of the HTTP
protocol.  Just as application/x-form-data is
(https://fetch.spec.whatwg.org/#dom-request step 8)
Received on Wednesday, 16 September 2015 17:55:02 UTC
