diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/HTTP-COOKIES.md | 4 | ||||
| -rw-r--r-- | docs/TODO | 8 |
2 files changed, 3 insertions, 9 deletions
diff --git a/docs/HTTP-COOKIES.md b/docs/HTTP-COOKIES.md index a1b283454..66e39d232 100644 --- a/docs/HTTP-COOKIES.md +++ b/docs/HTTP-COOKIES.md @@ -18,7 +18,9 @@ original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally - published and details how cookies work within HTTP. + published and details how cookies work within HTTP. In 2017, an update was + [drafted](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01) + to deprecate modification of 'secure' cookies from non-secure origins. ## Cookies saved to disk @@ -73,7 +73,6 @@ 5.5 auth= in URLs 5.6 Refuse "downgrade" redirects 5.7 QUIC - 5.8 Leave secure cookies alone 6. TELNET 6.1 ditch stdin @@ -605,13 +604,6 @@ implemented. This, to allow other projects to benefit from the work and to thus broaden the interest and chance of others to participate. -5.8 Leave secure cookies alone - - Non-secure origins (HTTP sites) should not be allowed to set or modify - cookies with the 'secure' property: - - https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01 - 6. TELNET |