[] (0) Mention HTTP-only cookies. (credit: ak)
git-svn-id: http://svn.whatwg.org/webapps@2517 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Dec 2, 2008
1 parent 4ead7b4 commit 825bb4c
Showing 2 changed files with 20 additions and 4 deletions.
11 changes: 9 additions & 2 deletions index
Expand Up @@ -5791,7 +5791,7 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20html%3E..
authority, it must return the empty string. Otherwise, it must
return the same string as the value of the <code title="">Cookie</code> HTTP header it would include if <a href=#fetch title=fetch>fetching</a> the resource indicated by <a href="#the-document's-address">the
document's address</a> over HTTP, as per RFC 2109 section 4.3.4
or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
or later specifications, excluding HTTP-only cookies. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>

<p>On setting, if the document is not associated with a
<a href=#browsing-context>browsing context</a> then the user agent must raise an
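
Review bot: In the getter sentence, "excluding HTTP-only cookies" is appended after "as per RFC 2109 section 4.3.4 or later specifications", so it can be read as qualifying the specifications rather than the string that is returned. Consider moving the exclusion next to what it restricts (the value of the Cookie header that is returned) and linking the term to the note that describes it, since "HTTP-only cookies" is used in this requirement without a definition.
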
Expand All @@ -5805,7 +5805,14 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20html%3E..
<a href=#fetch>fetch</a> <a href="#the-document's-address">the document's address</a> over HTTP,
and had received a response with a <code>Set-Cookie</code> header
whose value was the specified value, as per RFC 2109 sections 4.3.1,
4.3.2, and 4.3.3 or later specifications. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>
4.3.2, and 4.3.3 or later specifications, but without overwriting
the values of HTTP-only cookies. <a href=#refsRFC2109>[RFC2109]</a> <a href=#refsRFC2965>[RFC2965]</a></p>

<p class=note>This specification does not define what makes an
HTTP-only cookie, and at the time of publication the editor is not
aware of any reference for HTTP-only cookies. They are a feature
supported by some Web browsers wherein an "<code title="">httponly</code>" parameter added to the cookie string
causes the cookie to be hidden from script.</p>

<p class=note>Since the <code title=dom-document-cookie><a href=#dom-document-cookie>cookie</a></code> attribute is accessible
across frames, the path restrictions on cookies are only a tool to
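
Review bot: The setter wording "but without overwriting the values of HTTP-only cookies" only covers changing a value. It does not say whether a string set from script may expire or remove an existing HTTP-only cookie, or how a script-supplied string that itself carries the "httponly" parameter is handled. Suggest stating those cases explicitly so that user agents treat them the same way.
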
13 changes: 11 additions & 2 deletions source
Expand Up @@ -5792,7 +5792,8 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20html%3E..
title="">Cookie</code> HTTP header it would include if <span
title="fetch">fetching</span> the resource indicated by <span>the
document's address</span> over HTTP, as per RFC 2109 section 4.3.4
or later specifications. <a href="#refsRFC2109">[RFC2109]</a> <a
or later specifications, excluding HTTP-only cookies. <a
href="#refsRFC2109">[RFC2109]</a> <a
href="#refsRFC2965">[RFC2965]</a></p>

<p>On setting, if the document is not associated with a
Expand All @@ -5807,10 +5808,18 @@ http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C%21DOCTYPE%20html%3E..
<span>fetch</span> <span>the document's address</span> over HTTP,
and had received a response with a <code>Set-Cookie</code> header
whose value was the specified value, as per RFC 2109 sections 4.3.1,
4.3.2, and 4.3.3 or later specifications. <a
4.3.2, and 4.3.3 or later specifications, but without overwriting
the values of HTTP-only cookies. <a
href="#refsRFC2109">[RFC2109]</a> <a
href="#refsRFC2965">[RFC2965]</a></p>

<p class="note">This specification does not define what makes an
HTTP-only cookie, and at the time of publication the editor is not
aware of any reference for HTTP-only cookies. They are a feature
supported by some Web browsers wherein an "<code
title="">httponly</code>" parameter added to the cookie string
causes the cookie to be hidden from script.</p>

<p class="note">Since the <code
title="dom-document-cookie">cookie</code> attribute is accessible
across frames, the path restrictions on cookies are only a tool to
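
Review bot: The added note describes HTTP-only cookies only as "hidden from script", while the normative sentence just above it also forbids overwriting them on setting; the note should mention both so the informal description matches the requirement. The two "must" requirements now also depend on a term that the note says has no reference, so a short definition in the normative text (for example, a cookie whose cookie string included the "httponly" parameter) would be safer than leaving the only description in a non-normative note.
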