W3C home > Mailing lists > Public > www-tag@w3.org > January 2015

Re: Cookies Settings Observations

From: Mike West <mkwst@google.com>
Date: Wed, 28 Jan 2015 10:33:42 +0100
Message-ID: <CAKXHy=cUAkUgtKVSHOFEb+-a_od57J97uiZr+rN4-_xDXDj2tA@mail.gmail.com>
To: Yehuda Katz <wycats@gmail.com>
Cc: Daniel Appelquist <appelquist@gmail.com>, TAG List <www-tag@w3.org>
On Mon, Jan 26, 2015 at 9:12 PM, Yehuda Katz <wycats@gmail.com> wrote:

> I recently asked around about why we don't have a CSP mechanism (or other
> opt in) to tell the browser that the cookies of a particular domain are
> "same origin only".
>
Ah, cookies. What a mess.

I took a stab at something like this in
https://tools.ietf.org/html/draft-west-first-party-cookies-00. There seems
to be vague interest in the HTTP WG, but I haven't gotten around to putting
a prototype together yet.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 28 January 2015 09:34:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:09 UTC