Closed Bug 253974 Opened 18 years ago Closed 15 years ago

implement strict domain checks per rfc2109

Categories

(Core :: Networking: Cookies, defect)

defect
Not set
normal

Tracking

RESOLVED WONTFIX
Future

People

(Reporter: dwitte, Unassigned)

Details

(Keywords: helpwanted)

currently a.b.co.nz can set cookies for the .co.nz domain, while rfc2109 would
only allow it to set cookies for .b.co.nz. if we enforced the strict domain
stuff in rfc2109, by disallowing sites from setting cookies more than one domain
level superior, it might somewhat mitigate the problem of sites being able to
set cookies for entire TLDs (bug 252342). with the new cookie code, the reason
for not being able to implement strict domain checks is now gone, so we could
try implementing it again.
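
The strict check proposed in comment 0, written out as an added example (not Mozilla's cookie code): the RFC 2109 section 4.3.2 rejection rules for the Domain attribute. The function and enum names are hypothetical, and the request host is assumed to be a host name rather than an IP literal.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Added illustration of the RFC 2109 section 4.3.2 rejection rules.
// Not Mozilla's cookie code; every name here is hypothetical.
enum class Verdict { Accept, NoLeadingDot, NoEmbeddedDot, NoDomainMatch, TooManyLevels };

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Assumes request_host is a fully qualified host name, not an IP literal.
Verdict rfc2109_check(const std::string& request_host, const std::string& domain_attr) {
    const std::string host = lower(request_host);
    const std::string domain = lower(domain_attr);

    // Rule 1a: Domain must start with a dot.
    if (domain.empty() || domain[0] != '.') return Verdict::NoLeadingDot;

    // Rule 1b: Domain must contain an embedded dot, so ".nz" is refused.
    const std::string::size_type dot = domain.find('.', 1);
    if (dot == std::string::npos || dot == domain.size() - 1) return Verdict::NoEmbeddedDot;

    // Rule 2: host must have the form H + Domain with H non-empty.
    if (host.size() <= domain.size() ||
        host.compare(host.size() - domain.size(), domain.size(), domain) != 0)
        return Verdict::NoDomainMatch;

    // Rule 3: H must not contain a dot (at most one level below Domain).
    const std::string h = host.substr(0, host.size() - domain.size());
    if (h.find('.') != std::string::npos) return Verdict::TooManyLevels;

    return Verdict::Accept;
}

int main() {
    // Constructed sample hosts, taken from the example in comment 0.
    const char* cases[][2] = {{"a.b.co.nz", ".co.nz"}, {"a.b.co.nz", ".b.co.nz"},
                              {"b.co.nz", ".co.nz"}};
    for (auto& c : cases)
        std::cout << c[0] << " -> " << c[1] << ": "
                  << (rfc2109_check(c[0], c[1]) == Verdict::Accept ? "accept" : "reject") << "\n";
    return 0;
}
```

The third case, b.co.nz setting a cookie for .co.nz, is still accepted under these rules, which is why the check can mitigate the TLD-wide cookie problem in bug 252342 without solving it.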

see bug 8743 comment 2.

how strict is IE?
Keywords: helpwanted
Target Milestone: --- → Future

Dan, this looks like a dupe of bug 252342

Close, but it's not a dupe. I filed this separately to consider reimplementing
the exact method RFC2109 describes. As I said in comment 0, this might mitigate
the problem in bug 252342 but won't solve it.

Assignee: darin → nobody

if bug 385299 lands, this will be wontfix. marking dependency so i don't lose track of this.
Depends on: 385299

wontfix per landing of bug 385299.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX