implement strict domain checks per rfc2109

RESOLVED WONTFIX

Status

defect
15 years ago
12 years ago

People

(Reporter: dwitte, Unassigned)

Tracking

({helpwanted})

Trunk
Future

Reporter

Description

15 years ago
currently a.b.co.nz can set cookies for the .co.nz domain, while rfc2109 would
only allow it to set cookies for .b.co.nz. if we enforced the strict domain
stuff in rfc2109, by disallowing sites from setting cookies more than one domain
level superior, it might somewhat mitigate the problem of sites being able to
set cookies for entire TLDs (bug 252342). with the new cookie code, the reason
for not being able to implement strict domain checks is now gone, so we could
try implementing it again.

see bug 8743 comment 2.
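
An added example, not part of the original report and not Mozilla's cookie code: the Domain rules of RFC 2109 section 4.3.2 written as a small Python check. The function name `reject_reason`, the `strict=False` mode (a simplified model of the looser behaviour the description reports) and the sample hosts other than `a.b.co.nz` are assumptions made for illustration.

```python
import ipaddress


def _is_ip(host):
    """True if host is an IP literal; RFC 2109 domain-matching needs an FQDN."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def reject_reason(request_host, domain_attr, strict=True):
    """Return None if the Domain attribute is acceptable, else the reason.

    strict=True applies the Domain rules of RFC 2109 section 4.3.2.
    strict=False drops the last rule (assumption: a simplified model of the
    behaviour described in the report, where any superdomain is accepted).
    """
    host = request_host.lower().rstrip(".")
    domain = domain_attr.lower()
    if not domain.startswith("."):
        return "Domain does not start with a dot"
    if "." not in domain.strip("."):
        return "Domain has no embedded dot"
    if _is_ip(host) or not host.endswith(domain) or len(host) == len(domain):
        return "request-host does not domain-match Domain"
    prefix = host[: -len(domain)]  # the H in the RFC's "HD" form
    if strict and "." in prefix:
        return "H contains a dot (more than one level superior)"
    return None


# Constructed sample inputs: (request-host, Domain attribute).
CASES = [
    ("a.b.co.nz", ".b.co.nz"),  # one level up
    ("a.b.co.nz", ".co.nz"),    # two levels up: the case in the report
    ("b.co.nz", ".co.nz"),      # one level up, but lands on a registry suffix
    ("a.b.co.nz", ".nz"),       # no embedded dot
]

if __name__ == "__main__":
    for host, domain in CASES:
        lax = reject_reason(host, domain, strict=False) or "accepted"
        rfc = reject_reason(host, domain) or "accepted"
        print(f"{host:10} Domain={domain:9} lax: {lax} | rfc2109: {rfc}")
```

The third case is accepted even under the strict rule: a host registered directly under `.co.nz` is only one level below it, so the RFC 2109 check alone does not stop cookies scoped to such a suffix.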

Comment 1

15 years ago
how strict is IE?

Updated

15 years ago
Keywords: helpwanted
Target Milestone: --- → Future

Comment 2

15 years ago
Dan, this looks like a dupe of bug 252342
Reporter

Comment 3

15 years ago
Close, but it's not a dupe. I filed this separately to consider reimplementing
the exact method RFC2109 describes. As I said in comment 0, this might mitigate
the problem in bug 252342 but won't solve it.

Updated

13 years ago
Assignee: darin → nobody
Reporter

Comment 4

12 years ago
if bug 385299 lands, this will be wontfix. marking dependency so i don't lose track of this.
Depends on: 385299
Reporter

Comment 5

12 years ago
wontfix per landing of bug 385299.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WONTFIX