Closed
Bug 253974
Opened 20 years ago
Closed 17 years ago
implement strict domain checks per rfc2109
Categories
(Core :: Networking: Cookies, defect)
Core
Networking: Cookies
Tracking
()
RESOLVED
WONTFIX
Future
People
(Reporter: dwitte, Unassigned)
References
Details
(Keywords: helpwanted)
currently a.b.co.nz can set cookies for the .co.nz domain, while rfc2109 would only allow it to set cookies for .b.co.nz. if we enforced the strict domain stuff in rfc2109, by disallowing sites from setting cookies more than one domain level superior, it might somewhat mitigate the problem of sites being able to set cookies for entire TLD's (bug 252342). with the new cookie code, the reason for not being able to implement strict domain checks is now gone, so we could try implementing it again. see bug 8743 comment 2.
|
||
Comment 1•20 years ago
|
||
how strict is IE?
|
|
||
Updated•20 years ago
|
Keywords: helpwanted
Target Milestone: --- → Future
|
||
Comment 2•20 years ago
|
||
Dan, this looks like a dupe of bug 252342
|
Reporter | |
Comment 3•20 years ago
|
||
Close, but it's not a dupe. I filed this separately to consider reimplementing the exact method RFC2109 describes. As I said in comment 0, this might mitigate the problem in bug 252342 but won't solve it.
|
|
||
Updated•18 years ago
|
Assignee: darin → nobody
|
|
Reporter | |
Comment 4•17 years ago
|
||
if bug 385299 lands, this will be wontfix. marking dependency so i don't lose track of this.
Depends on: 385299
|
|
Reporter | |
Comment 5•17 years ago
|
||
wontfix per landing of bug 385299.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•