summaryrefslogtreecommitdiff
path: root/docs/TODO
diff options
context:
space:
mode:
authorDaniel Gustafsson <daniel@yesql.se>2018-12-13 09:57:58 +0100
committerDaniel Gustafsson <daniel@yesql.se>2018-12-13 09:57:58 +0100
commit7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch)
tree65ff353305bd1d837519f292bf934a498ae4ed13 /docs/TODO
parentfdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff)
downloadcurl-7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5.tar.gz
cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Diffstat (limited to 'docs/TODO')
-rw-r--r--docs/TODO8
1 files changed, 0 insertions, 8 deletions
diff --git a/docs/TODO b/docs/TODO
index f7fd722a8..e0d8ed68f 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -73,7 +73,6 @@
5.5 auth= in URLs
5.6 Refuse "downgrade" redirects
5.7 QUIC
- 5.8 Leave secure cookies alone
6. TELNET
6.1 ditch stdin
@@ -605,13 +604,6 @@
implemented. This, to allow other projects to benefit from the work and to
thus broaden the interest and chance of others to participate.
-5.8 Leave secure cookies alone
-
- Non-secure origins (HTTP sites) should not be allowed to set or modify
- cookies with the 'secure' property:
-
- https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01
-
6. TELNET