Re: Cookies in Suborigins

On Thu, May 19, 2016 at 4:52 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Thu, May 19, 2016 at 4:48 PM, Devdatta Akhawe <dev.akhawe@gmail.com>
> wrote:
> > I don't think I have heard of "cookie averse document object". Can you
> > clarify a bit more?
>
> Well, it's part of how document.cookie is defined. If you're planning
> on changing the document.cookie API, I recommend reading up on that:
> https://html.spec.whatwg.org/multipage/dom.html#dom-document-cookie.


FWIW this seems reasonable to me for the suborigin case as it matches the
goals of the "safe cookie mode" quite well.

Received on Thursday, 19 May 2016 15:05:19 UTC