aboutsummaryrefslogtreecommitdiff
path: root/docs/TODO
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2016-10-06 09:40:47 +0200
committerDaniel Stenberg <daniel@haxx.se>2016-10-06 09:40:47 +0200
commitda1a2d1ac8d49e519cfa5928689fd313f4ba71d7 (patch)
tree94fcba710ddad9442c792a65735de1c7eaf50f1f /docs/TODO
parentc271b1c29a176612c98977fd1c722952e86aace9 (diff)
TODO: Leave secure cookies alone
Diffstat (limited to 'docs/TODO')
-rw-r--r--docs/TODO9
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index 1695d559c..24bbcd208 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -69,6 +69,7 @@
5.7 Brotli compression
5.8 QUIC
5.9 Add easy argument to formpost functions
+ 5.10 Leave secure cookies alone
6. TELNET
6.1 ditch stdin
@@ -554,6 +555,14 @@ This is not detailed in any FTP specification.
deprecating the old ones. Allows better error messages and is generally good
API hygiene.
+5.10 Leave secure cookies alone
+
+ Non-secure origins (HTTP sites) should not be allowed to set or modify
+ cookies with the 'secure' property:
+
+ https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01
+
+
6. TELNET
6.1 ditch stdin