Re: Cookies in Suborigins from Devdatta Akhawe on 2016-05-19 (public-webappsec@w3.org from May 2016)

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Thu, 19 May 2016 07:48:27 -0700
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Joel Weinberger <jww@chromium.org>, public-webappsec@w3.org
Message-ID: <CAPfop_1dQNMWrc57qXsFFNDCtbw7i-n5KJmWOpt0qVV=cTv2Vw@mail.gmail.com>

I don't think I have heard of "cookie averse document object". Can you
clarify a bit more?
On May 19, 2016 12:49 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote:

> On Wed, May 18, 2016 at 7:14 PM, Joel Weinberger <jww@chromium.org> wrote:
> > Sorry, it was pointed out to me by Dev that I really meant that we're
> > proposing the "Leave network cookies untouched, set document.cookie to
> > undefined" (not the one I mentioned in the original email). That's what I
> > get for writing a late night email from bed :-/
>
> Why not make the document a cookie-averse Document object? That would
> be a less invasive change and probably more compatible with existing
> code.
>
>
> --
> https://annevankesteren.nl/
>
>

Received on Thursday, 19 May 2016 14:48:58 UTC