TODO: Leave secure cookies alone

2025-01-30 14:22:33 +08:00 · 2016-10-06 09:40:47 +02:00 · 2016-10-06 09:40:47 +02:00 · da1a2d1ac8
commit da1a2d1ac8
parent c271b1c29a
1 changed files with 9 additions and 0 deletions
--- a/docs/TODO
+++ b/docs/TODO
@ -69,6 +69,7 @@
 5.7 Brotli compression
 5.8 QUIC
 5.9 Add easy argument to formpost functions
+ 5.10 Leave secure cookies alone

 6. TELNET
 6.1 ditch stdin
@ -554,6 +555,14 @@ This is not detailed in any FTP specification.
 deprecating the old ones. Allows better error messages and is generally good
 API hygiene.

+5.10 Leave secure cookies alone
+
+ Non-secure origins (HTTP sites) should not be allowed to set or modify
+ cookies with the 'secure' property:
+
+ https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01
+
+
 6. TELNET

 6.1 ditch stdin