New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure Cookie flag #2320
Comments
+1 |
+1 (and in the security category) |
+1 |
Is this distinct from HttpOnly (#1415) and cookie prefixes (#4311)? If not, I believe these are now covered by MDN data: |
It appears to be distinct. A cookie prefix can impose a requirement that the cookie also have the
|
Oh, yes, of course: Is this covered by "Secure context required" and/or "schemeful"? |
I'm not sure keyword-searching unaccompanied by research is an optimal method for correlating features to MDN data... Presumably "secure context" refers to https://w3c.github.io/webappsec-secure-contexts/ , which is in large part about framing and workers, not just HTTPS; so I'm skeptical of any relation to cookies. But it's also unclear WTF that MDN datum is about. |
That's precisely why I was asking. I was trying to correlate available compat data with the topics covered on the MDN documentation page. A lot has changed in the realm of security since FWIW, "secure context required" was added in mdn/browser-compat-data#5426 and "schemeful" was added in mdn/browser-compat-data#9352. |
Secure flag for Cookie marks when a Cookie can only be sent over HTTPS connection.
Related to #1415,
The text was updated successfully, but these errors were encountered: