Re: Cookies Settings Observations

On Mon, Jan 26, 2015 at 9:12 PM, Yehuda Katz wrote:

> I recently asked around about why we don't have a CSP mechanism (or other
> opt in) to tell the browser that the cookies of a particular domain are
> "same origin only".

Ah, cookies. What a mess.

I took a stab at something like this in There seems
to be vague interest in the HTTP WG, but I haven't gotten around to putting
a prototype together yet.


Mike West, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Wednesday, 28 January 2015 09:34:30 UTC