Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-12-13 | cookies: leave secure cookies alone | Daniel Gustafsson | |
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se> |