Require "Secure" for "SameSite=None".
miketaylr committed Nov 25, 2020
1 parent 0001e89 commit ae49319
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions draft-ietf-httpbis-rfc6265bis.md
Expand Up @@ -1463,11 +1463,14 @@ user agent MUST process the cookie as follows:

4. Abort these steps and ignore the newly created cookie entirely.

16. If the cookie-name begins with a case-sensitive match for the string
16. If the cookie's "same-site-flag" is "None", abort these steps and ignore the
cookie entirely unless the cookie's secure-only-flag is true.

17. If the cookie-name begins with a case-sensitive match for the string
"__Secure-", abort these steps and ignore the cookie entirely unless the
cookie's secure-only-flag is true.

17. If the cookie-name begins with a case-sensitive match for the string
18. If the cookie-name begins with a case-sensitive match for the string
"__Host-", abort these steps and ignore the cookie entirely unless the
cookie meets all the following criteria:
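
Review bot: New step 16 keys the rejection on the stored same-site-flag rather than on the presence of a SameSite attribute, so the text should make clear, here or where the flag is assigned, that the flag is "None" only when the attribute was sent explicitly. If "None" can also be the value for a cookie that carries no SameSite attribute, this step would ignore every such cookie that lacks Secure, which goes beyond what the commit title describes. Minor style point in the same step: "same-site-flag" is written in quotes while secure-only-flag is not, both in this sentence and in step 17; use one form for flag names.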

Expand All @@ -1478,7 +1481,7 @@ user agent MUST process the cookie as follows:
3. The cookie-attribute-list contains an attribute with an attribute-name
of "Path", and the cookie's path is `/`.

18. If the cookie store contains a cookie with the same name, domain,
19. If the cookie store contains a cookie with the same name, domain,
host-only-flag, and path as the newly-created cookie:

1. Let old-cookie be the existing cookie with the same name, domain,
Expand All @@ -1495,7 +1498,7 @@ user agent MUST process the cookie as follows:

4. Remove the old-cookie from the cookie store.

19. Insert the newly-created cookie into the cookie store.
20. Insert the newly-created cookie into the cookie store.

A cookie is "expired" if the cookie has an expiry date in the past.
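
Review bot: Renumbering the final step from 19 to 20, together with the 16 to 17, 17 to 18 and 18 to 19 shifts earlier in this list, invalidates any place in the draft that cites these storage-model steps by number. Search the document for references to steps 16 through 19 and update them in this same commit, or note in the commit message that none exist.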
