[Webkit-unassigned] [Bug 10957] HttpOnly Cookie Option

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 27 18:47:08 PDT 2008


------- Comment #6 from jim at manico.net  2008-03-27 18:47 PDT -------
(from Robert)

The problem isn't entirely with WebKit itself, but with the underlying
implementation of HTTP. Safari uses CFNetwork on the mac to parse HTTP headers
into objects. Unfortunately, this code isn't public, and it's this code that
needs to be changed in order for HTTPOnly to be implemented. While preventing
DOM/JavaScript access to cookies needs to be done in the WebKit source, until
the underlying network implementation is updated to parse the HTTPOnly flag,
there's no way this is possible.

So in short, Apple is blocking this bug from being fixed. Once they update
CFNetwork, progress on this patch can be made. Until then, no dice. I recommend
you file a bug in RadarWeb if you're interested in getting HTTPOnly/CFNetwork

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list