diff options
author | Daniel Gustafsson <daniel@yesql.se> | 2018-12-13 09:57:58 +0100 |
---|---|---|
committer | Daniel Gustafsson <daniel@yesql.se> | 2018-12-13 09:57:58 +0100 |
commit | 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch) | |
tree | 65ff353305bd1d837519f292bf934a498ae4ed13 /docs/TODO | |
parent | fdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff) |
cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.
Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Diffstat (limited to 'docs/TODO')
-rw-r--r-- | docs/TODO | 8 |
1 files changed, 0 insertions, 8 deletions
@@ -73,7 +73,6 @@ 5.5 auth= in URLs 5.6 Refuse "downgrade" redirects 5.7 QUIC - 5.8 Leave secure cookies alone 6. TELNET 6.1 ditch stdin @@ -605,13 +604,6 @@ implemented. This, to allow other projects to benefit from the work and to thus broaden the interest and chance of others to participate. -5.8 Leave secure cookies alone - - Non-secure origins (HTTP sites) should not be allowed to set or modify - cookies with the 'secure' property: - - https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01 - 6. TELNET |