Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new requirement - cookie partitioned attribute #2423

Closed
elarlang opened this issue Nov 29, 2024 · 1 comment
Closed

new requirement - cookie partitioned attribute #2423

elarlang opened this issue Nov 29, 2024 · 1 comment
Assignees
@elarlang
Labels
3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V3 (prev V50) Group issues related to Web Frontend _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.

Comments

@elarlang
Copy link
Collaborator

Additional requirement for cookkie- Partitioned attribute

Wording for requirement to do.
@elarlang elarlang added _5.0 - prep This needs to be addressed to prepare 5.0 V3 (prev V50) Group issues related to Web Frontend labels Nov 29, 2024
@elarlang elarlang mentioned this issue Nov 29, 2024
Closed
@tghosth tghosth added the 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet label Dec 2, 2024
@elarlang elarlang self-assigned this Dec 8, 2024
@tghosth tghosth added 3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos and removed 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet labels Dec 17, 2024
@elarlang elarlang added _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine. and removed _5.0 - prep This needs to be addressed to prepare 5.0 labels Jan 2, 2025
@elarlang
Copy link
Collaborator Author

Status update: it may give an extra "jar" layer for cookies, but... it also gives an extra attack opportunity for attackers, because it removes the idea of __Host- prefixed cookie can be only cookie with that name-domain-path scope, now there is also the Partitioned attribute to play. If it could be my choice, I could roll-back the feature from browsers.

So at the moment I can not see the material for a requirement and closing this out.

@elarlang elarlang closed this as not planned Won't fix, can't repro, duplicate, stale Mar 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elarlang elarlang

Labels
3) awaiting proposal There is some discussion in issue and reach to some results but it's not concluded with clear propos V3 (prev V50) Group issues related to Web Frontend _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tghosth @elarlang