- From: Mike West <mkwst@google.com>
- Date: Wed, 28 Jan 2015 10:33:42 +0100
- To: Yehuda Katz <wycats@gmail.com>
- Cc: Daniel Appelquist <appelquist@gmail.com>, TAG List <www-tag@w3.org>
Received on Wednesday, 28 January 2015 09:34:30 UTC
On Mon, Jan 26, 2015 at 9:12 PM, Yehuda Katz <wycats@gmail.com> wrote: > I recently asked around about why we don't have a CSP mechanism (or other > opt in) to tell the browser that the cookies of a particular domain are > "same origin only". > Ah, cookies. What a mess. I took a stab at something like this in https://tools.ietf.org/html/draft-west-first-party-cookies-00. There seems to be vague interest in the HTTP WG, but I haven't gotten around to putting a prototype together yet. -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 28 January 2015 09:34:30 UTC