[Webkit-unassigned] [Bug 191406] [Curl] Reject the entire cookie if the domain fails a tailmatch.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 7 16:12:26 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=191406
--- Comment #1 from Basuke Suzuki <Basuke.Suzuki at sony.com> ---
The entire cookie needs to be rejected if a site tries to set a cookie that fails these conditions.
https://tools.ietf.org/html/rfc6265#section-5.1.3.
Basically the domain attribute of a cookie must either be an exact match, or a suffix starting at the start of a %2e (".") separated domain part that is not an IP address.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181108/eeeae2c5/attachment.html>
More information about the webkit-unassigned
mailing list