On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking <jo...@sicking.cc> wrote: > Has the group looked at expanding the feature set of cookies to allow > better CSRF protection?
Mike has: https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html https://mikewest.github.io/internetdrafts/first-party-cookies/draft-west-first-party-cookies-00.html Not many people are interested thus far is my understanding. Copied Mike if he has anything to add. > Another thing that would be very useful is page-specific or > tab-specific cookies. So that websites like gmail could keep you > logged in using different accounts in different tabs. Right now that > essentially require the website to add a user identifier to the URL of > all requests that are coming from a page, which is quite a demanding > task. I thought sessionStorage addressed this. (Although of course it's a poor API since it's synchronous.) -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
