cookies-over-http-bad issues

Results 5 cookies-over-http-bad issues

Sort by recently updated

special OPT_OUT cookie?

> Should we special-case the cookie value "OPT_OUT"? It would be unfortunate indeed if removing old cookies meant that users who had opted out of interest-based advertising started being targeted...

ghost

Prevent retrograding secure to plaintext

We had an issue a few years back when setting up tentative HTTPS, in that our login page would be served over HTTPS but the subsequent navigation could go on...

GuillaumeRossolini

Mention impact on document.cookie

Current phrasing like > those cookies which would actually be sent over HTTP etc. talks all about sending a Cookie header, but we should be clear that this applies to...

ericlaw1979

Unclear wording

I wasn't sure exactly what was meant by this? Isn't rebuilding infrastructure == pain? > Our goal should be to ensure that the friction involved with rebuilding their entire infrastructure...

ericlaw1979

More papers to consider including as justification.

https://freedom-to-tinker.com/2014/12/19/how-cookies-can-be-used-for-global-surveillance/ https://senglehardt.com/papers/www15_cookie_surveil.pdf

mikewest

cookies-over-http-bad
cookies-over-http-bad copied to clipboard

Metadata

special OPT_OUT cookie?

Prevent retrograding secure to plaintext

Mention impact on document.cookie

Unclear wording

More papers to consider including as justification.

← Metadata

Owner

Metadata

cookies-over-http-bad cookies-over-http-bad copied to clipboard

Metadata

special OPT_OUT cookie?

Prevent retrograding secure to plaintext

Mention impact on document.cookie

Unclear wording

More papers to consider including as justification.

← Metadata

Owner

Metadata

cookies-over-http-bad
cookies-over-http-bad copied to clipboard