cookies: leave secure cookies alone (7a09b52c) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Commit 7a09b52c authored Dec 13, 2018 by

Daniel Gustafsson

cookies: leave secure cookies alone



Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

parent fdc5563b

Hide whitespace changes

Inline Side-by-side

Please register or to comment