First-Party-Only Traffic WAS: Re: First-Party-Only cookies
20 views
Skip to first unread message
Kevin Chadwick
unread,
Jan 21, 2016, 9:52:13 AM1/21/16
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to dev-se...@lists.mozilla.org
I apologise upfront as I haven't looked into the RFC properly at all.
I wonder if this idea could be extended so that I can instruct client
side that all traffic should originate from the primary domain?
Or is that pointless as TLS *should* guarantee this anyway. I guess it
could be stripped from plain text but wonder if it would still be of any
use?
Thinking about it that already exists as the content origin policy
directive, correct?
--
KISSIS - Keep It Simple So It's Securable
Mike West
unread,
Jan 22, 2016, 9:32:36 AM1/22/16
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Kevin Chadwick, dev-se...@lists.mozilla.org
It's not entirely clear to me what you're asking for, but Entry Point
Regulation might or might not be along the lines of what you're proposing:
https://w3c.github.io/webappsec-epr/