Makefile
README.markdown
draft-west-first-party-cookies-00.html
draft-west-first-party-cookies-00.txt
draft-west-first-party-cookies-00.xml
draft-west-first-party-cookies-01.html
draft-west-first-party-cookies-01.txt
draft-west-first-party-cookies-01.xml
draft-west-first-party-cookies-02.html
draft-west-first-party-cookies-02.txt
draft-west-first-party-cookies-02.xml
draft-west-first-party-cookies-03.html
draft-west-first-party-cookies-03.txt
draft-west-first-party-cookies-03.xml
draft-west-first-party-cookies-04.html
draft-west-first-party-cookies-04.txt
draft-west-first-party-cookies-04.xml
draft-west-first-party-cookies-05.html
draft-west-first-party-cookies-05.txt
draft-west-first-party-cookies-05.xml
draft-west-first-party-cookies-06.html
draft-west-first-party-cookies-06.txt
draft-west-first-party-cookies-06.xml
draft-west-first-party-cookies-07.html
draft-west-first-party-cookies-07.txt
draft-west-first-party-cookies-07.xml
draft.md

README.markdown

SameSite Cookies

We can mitigate the risk of CSRF attacks by sending cookies only if they would have been sent for the active document in the top-level browsing context.

This is similar to, but not the same as, Mark Goodwin's SameDomain concept: http://people.mozilla.org/~mgoodwin/SameDomain/. That's worth reading and considering as well.