[Webkit-unassigned] [Bug 215201] New: Experimental: Cap the expiry of persistent cookies set in 3rd-party CNAME cloaked HTTP responses

Wed Aug 5 16:31:33 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=215201

            Bug ID: 215201
           Summary: Experimental: Cap the expiry of persistent cookies set
                    in 3rd-party CNAME cloaked HTTP responses
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: wilander at apple.com

3rd-party CNAME cloaking is used as a way to circumvent ITP's 7-day expiry cap on client-side cookies. We should detect 3rd-party CNAME cloaking and cap the expiry of persistent cookies set in responses to requests cloaked in such a way.

Third-party CNAME cloaking means a first-party subdomain resolves to a third-party domain which does not match the resolution for the top frame host.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200805/fc29bd26/attachment-0001.htm>