158730 – Add "__Secure-" and "__Host-" cookie prefix support

Bug 158730 - Add "__Secure-" and "__Host-" cookie prefix support

Summary: Add "__Secure-" and "__Host-" cookie prefix support

Status:	RESOLVED INVALID

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	Other
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2016-06-14 03:55 PDT by Craig Francis
Modified:	2016-06-16 08:36 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Craig Francis 2016-06-14 03:55:50 PDT

This allows a website to ensure that cookies are set with the "secure" attribute (only used over HTTPS), and optionally only be allowed for the current host (set without a Domain attribute, and the path is set to "/").

This has been implemented in Chrome 49:
https://googlechrome.github.io/samples/cookie-prefixes/

Explanation:
https://chloe.re/2016/04/27/cookieprefixes/

Spec:
https://tools.ietf.org/html/draft-west-cookie-prefixes-05

Comment 1 Alexey Proskuryakov 2016-06-14 11:22:41 PDT

Cookies are implemented in underlying networking libraries, WebKit doesn't do this.

Could you please file a bug at <https://bugreport.apple.com>?

Comment 2 Craig Francis 2016-06-16 06:54:32 PDT

This has been reported on <https://bugreport.apple.com>, under bug report 26837283.

Comment 3 Brent Fulgham 2016-06-16 08:36:04 PDT

<radar://problem/26837283>