On Thu, May 19, 2016 at 4:52 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, May 19, 2016 at 4:48 PM, Devdatta Akhawe <dev.akhawe@gmail.com> > wrote: > > I don't think I have heard of "cookie averse document object". Can you > > clarify a bit more? > > Well, it's part of how document.cookie is defined. If you're planning > on changing the document.cookie API, I recommend reading up on that: > https://html.spec.whatwg.org/multipage/dom.html#dom-document-cookie. FWIW this seems reasonable to me for the suborigin case as it matches the goals of the "safe cookie mode" quite well.
Received on Thursday, 19 May 2016 15:05:19 UTC