The Cookie Store API exposes HTTP cookies to service workers and offers an asynchronous alternative to document.cookie. This change is about exposing it to all secure contexts by including allowing local origins (127.0.0.1, localhost address, file://...).
This allows developers to quickly experiment things locally, without the need to set up a HTTPs server.-- Frédéric Wang
It seems fine to me to treat local network addresses as more secure, but I wonder a bit about the file:// protocol and cookies. Can locally loaded files have cookies, and if they can, could that be exploited?
/Daniel
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/df6dc834-a7e4-1dc1-12ad-82dd8c357fe5%40igalia.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/3128ac4a-19f0-0826-5b47-86b48f789334%40gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3Dddjrr70PXy6XMDJWFfGK%2BOA9vQEQM8T5ix6f8p0xSCUQ%40mail.gmail.com.
For file://, there is something else preventing the cookies to be modified anyway, but I'll modify my patch to continue to provide the same exception message.
Thanks,
-- Frédéric Wang