In reading the storage model spec a little more closely, it looks like my above question #2 is expected.

https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-10#section-5.5

```
If the cookie's secure-only-flag is false, and the scheme component of request-uri does not denote a "secure" protocol, then abort these steps and ignore the cookie entirely if the cookie store contains one or more cookies that meet all of the following criteria:
Their name matches the name of the newly-created cookie.
Their secure-only-flag is true.
```
Bug 1783536 Comment 13 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
In reading the storage model spec a little more closely, it looks like my above question #2 is expected.

https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-10#section-5.5

```
If the cookie's secure-only-flag is false, and the scheme component of request-uri does not denote a "secure" protocol, then abort these steps and ignore the cookie entirely if the cookie store contains one or more cookies that meet all of the following criteria:
* Their name matches the name of the newly-created cookie.
* Their secure-only-flag is true.
* ...
```
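The storage-model step quoted in the comment above, as an added JavaScript example that is not part of the bug or of any browser's code. The cookie record shape, the function names and the choice of `https`/`wss` as "secure" schemes are assumptions; the domain-match and path-match criteria are taken from section 5.5 of the draft, not from the comment, and the sample cookies are constructed.

```javascript
// Added example: the "leave secure cookies alone" check.
// Cookies are plain { name, domain, path, secureOnly } records (assumed shape).

// RFC 6265 domain-match: identical, or `str` ends with "." + `domain`.
// The spec's exclusion for IP-address hosts is left out of this sketch.
function domainMatches(str, domain) {
  str = str.toLowerCase();
  domain = domain.toLowerCase();
  return str === domain || str.endsWith("." + domain);
}

// RFC 6265 path-match: identical, or `cookiePath` is a prefix of
// `requestPath` that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns true when the newly-created cookie must be ignored because a
// Secure cookie with the same name already occupies that scope.
function blockedBySecureCookie(store, newCookie, requestScheme) {
  // Assumption: the user agent treats https and wss as "secure" protocols.
  const secureScheme = requestScheme === "https" || requestScheme === "wss";
  // The step only applies to non-Secure cookies set over an insecure scheme.
  if (newCookie.secureOnly || secureScheme) return false;
  return store.some((c) =>
    c.name === newCookie.name &&
    c.secureOnly &&
    (domainMatches(c.domain, newCookie.domain) ||
      domainMatches(newCookie.domain, c.domain)) &&
    pathMatches(newCookie.path, c.path));
}

// Constructed sample store: one Secure cookie set earlier over HTTPS.
const sampleStore = [
  { name: "sid", domain: "example.com", path: "/", secureOnly: true },
];

// A non-Secure "sid" arriving over plain HTTP is dropped...
const overHttp = { name: "sid", domain: "example.com", path: "/", secureOnly: false };
console.log(blockedBySecureCookie(sampleStore, overHttp, "http"));
// ...while the same cookie over HTTPS proceeds to the later storage steps.
console.log(blockedBySecureCookie(sampleStore, overHttp, "https"));
```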