|
|
Subscribe / Log in / New account

Should the IETF ship or skip HTTP 2.0?

Should the IETF ship or skip HTTP 2.0?

Posted Jun 6, 2014 21:20 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
In reply to: Should the IETF ship or skip HTTP 2.0? by job
Parent article: Should the IETF ship or skip HTTP 2.0?

Whut?

Cookie scoping is easy: http://tools.ietf.org/html/rfc6265#section-4


to post comments

Should the IETF ship or skip HTTP 2.0?

Posted Jun 6, 2014 22:20 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

Oh, sure, "easy". Until you read sections 5.1.2 regarding canonical host names, and 5.3.5 (which I think "job" was referring to) regarding the ever-varying list of "public prefixes" requiring special consideration--without which any random example.com could register a cookie for "com." and have it scoped over nearly all commercial websites.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds