On Wed, Feb 11, 2015 at 11:20 AM, Jonas Sicking <jo...@sicking.cc> wrote:
> On Wed, Feb 11, 2015 at 1:52 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
> > On Wed, Feb 11, 2015 at 10:42 AM, Jonas Sicking <jo...@sicking.cc> wrote:
> >> Has the group looked at expanding the feature set of cookies to allow
> >> better CSRF protection?
> >
> > Mike has:
> >
> > https://mikewest.github.io/internetdrafts/origin-cookies/draft-west-origin-cookies-00.html
> > https://mikewest.github.io/internetdrafts/first-party-cookies/draft-west-first-party-cookies-00.html
> >
> > Not many people are interested thus far is my understanding. Copied
> > Mike if he has anything to add.
>
> I haven't read the above proposals, so won't comment on those
> specifically. But I'm certainly interested in seeing mozilla implement
> something in this space.
>
> Fixing cross-site cookies would remove one of the big security
> advantages that other platforms have over the web.

Talk to Mozilla's own Mark Goodwin (CC'd. Hi, Mark!) who had similar ideas
(see http://people.mozilla.org/~mgoodwin/SameDomain/samedomain-latest.txt),
and who might be interested in prototyping.

-mike

--
Mike West <mk...@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform