- From: Andrew Daviel <andrew@andrew.triumf.ca>
- Date: Mon, 17 Feb 1997 14:13:00 -0800 (PST)
- To: Jeremey Barrett <jeremey@veriweb.com>
- Cc: www-talk@w3.org
On Fri, 7 Feb 1997, Jeremey Barrett wrote: > > The second, I'm not so sure about. Blocking cookies sent to > > domain C because they are inside a frame from domain A will break C's > > legitimate shopping application. In this example, it is less likely that > > C's page would be included in many frames than the advertisement banner > > in the first one. And then there's Java banners, concealed JavaScript, > > etc. > > You second example seems very odd. You have a frameset within a document? Not that odd. I have a frames based search engine launcher at e.g. http://vancouver-webpages.com/multisearch/canada.html http://vancouver-webpages.com/cgi-pub/cusi4-page.pl/Engine1=AltaVistaWeb&Engine6=eXcite but the situation might arise if a frame contains links to other sites and does not set target=_parent. > If you are fetching another entire HTML document, as you are in a framset, > then the cookie rules are applied to that document. (i.e. the rules are > applied to each document within the framset individually). HTTP doesn't > (and shouldn't) know about HTML. All frames-based documents boil down to > your first example at some point. Anyhow, a simple test reveals (as I think you are saying): A.html: <a href="B.html"> B.html: <frameset><frame src="C.html"><frame src="D.html"></frameset> C.html: <img src="C.gif"> D.html: <img src="D.gif"> The HTTP_REFERER for both C.html and D.html is A.html. The HTTP_REFERER for C.gif is C.html, for D.gif it's D.html So the images don't know about the parent frameset. JavaScript, who knows ? (I was disappointed to see that the email bug is back in Mozilla 3 .. www.digicrime.com .. maybe I just misconfigured one of my machines; this one's OK ..) Andrew (was off with a (organic!) virus ...)
Received on Monday, 17 February 1997 17:14:26 UTC