HTTP-COOKIES.md: mention that http://localhost is a secure context

Reported-by: Trail of Bits

Closes #9938
Daniel Stenberg 2022-11-17 19:08:56 +01:00
parent e9c580de4e
commit b473df52bb
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

@ -29,6 +29,11 @@
RFC6265. Cookie prefixes and secure cookie modification protection has been
implemented by curl.
curl considers `http://localhost` to be a *secure context*, meaning that it
will allow and use cookies marked with the `secure` keyword even when done
over plain HTTP for this host. curl does this to match how popular browsers
work with secure cookies.
## Cookies saved to disk
Netscape once created a file format for storing cookies on disk so that they
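
Review bot: The added paragraph names `http://localhost` but does not say how far the exception reaches: whether it applies only to the literal host name `localhost` or also to loopback addresses and names under `localhost`, and whether any port is covered. Since this sentence is what users will rely on when deciding if a `secure` cookie can leave over cleartext, please state the exact match rule. It would also help to note the curl version in which this behaviour started, so readers on older releases are not misled. Minor wording: in "even when done over plain HTTP for this host" the word "done" has no clear subject; something like "even when the transfer is done over plain HTTP to this host" reads better.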