info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
First-Party-Only Traffic WAS: Re: First-Party-Only cookies
20 views
Skip to first unread message
Kevin Chadwick
Jan 21, 2016, 9:52:13 AM1/21/16
to dev-se...@lists.mozilla.org
I apologise upfront as I haven't looked into the RFC properly at all.
I wonder if this idea could be extended so that I can instruct client
side that all traffic should originate from the primary domain?
Or is that pointless as TLS *should* guarantee this anyway. I guess it
could be stripped from plain text but wonder if it would still be of any
use?
Thinking about it that already exists as the content origin policy
directive, correct?
--
KISSIS - Keep It Simple So It's Securable
I wonder if this idea could be extended so that I can instruct client
side that all traffic should originate from the primary domain?
Or is that pointless as TLS *should* guarantee this anyway. I guess it
could be stripped from plain text but wonder if it would still be of any
use?
Thinking about it that already exists as the content origin policy
directive, correct?
--
KISSIS - Keep It Simple So It's Securable
Mike West
Jan 22, 2016, 9:32:36 AM1/22/16
to Kevin Chadwick, dev-se...@lists.mozilla.org
It's not entirely clear to me what you're asking for, but Entry Point
Regulation might or might not be along the lines of what you're proposing:
https://w3c.github.io/webappsec-epr/
-mike
-mike
> _______________________________________________
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
Regulation might or might not be along the lines of what you're proposing:
https://w3c.github.io/webappsec-epr/
-mike
-mike
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
0 new messages