Bug 158730

Summary: Add "__Secure-" and "__Host-" cookie prefix support
Product: WebKit Reporter: Craig Francis <craig+webkit>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: ap, beidson, bfulgham, wilander
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   

Description Craig Francis 2016-06-14 03:55:50 PDT 
This allows a website to ensure that cookies are set with the "secure" attribute (only used over HTTPS), and optionally only be allowed for the current host (set without a Domain attribute, and the path is set to "/").

This has been implemented in Chrome 49:
https://googlechrome.github.io/samples/cookie-prefixes/

Explanation:
https://chloe.re/2016/04/27/cookieprefixes/

Spec:
https://tools.ietf.org/html/draft-west-cookie-prefixes-05
Comment 1 Alexey Proskuryakov 2016-06-14 11:22:41 PDT 
Cookies are implemented in underlying networking libraries, WebKit doesn't do this.

Could you please file a bug at <https://bugreport.apple.com>?
Comment 2 Craig Francis 2016-06-16 06:54:32 PDT 
This has been reported on <https://bugreport.apple.com>, under bug report 26837283.
Comment 3 Brent Fulgham 2016-06-16 08:36:04 PDT 
<radar://problem/26837283>