| commit | ae819bb3096b63a11b8c1ff47dd3b69f85ea241b | [log] [tgz] |
|---|---|---|
| author | mkwst <[email protected]> | Mon Feb 23 05:10:31 2015 |
| committer | Commit bot <[email protected]> | Mon Feb 23 05:11:25 2015 |
| tree | ec97dfaf204412c66e4246c597fe00cbdf64083e | |
| parent | d726d218c92888278509ef9b4a9e639cf9fce659 [diff] |
Implement the "First-Party-Only" cookie attribute. First-party-only cookies allow servers to mitigate the risk of cross-site request forgery and related information leakage attacks by asserting that a particular cookie should only be sent in a "first-party" context. This patch adds support for the 'First-Party-Only' attribute to the CookieMonster and CookieStore, but does not yet wire up requests such that the flag has any effect. https://codereview.chromium.org/940373002 will do so by correctly setting the first-party URL on the CookieOptions object used to load cookies for a request. Spec: https://tools.ietf.org/html/draft-west-first-party-cookies Intent to Implement: https://groups.google.com/a/chromium.org/d/msg/blink-dev/vT98riFhhT0/3Q-lADqsh0UJ BUG=459154 [email protected] Review URL: https://codereview.chromium.org/876973003 Cr-Commit-Position: refs/heads/master@{#317544}