You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the example in https://publicsuffix.org/list/, the rule *.jp indicates that Cookies may not be set for bar.jp. However, during our testing we found that a public suffix can actually set cookies for itself.
Check document.cookie. You can see the cookie is set.
Following the same logic in the example, the cookie should not be set because there is this rule *.alwaysdata.net on the PSL.
I am wondering what the expected behavior should be as I found no indication on the algorithm provided and this is reproducible in both Chrome and Firefox.
The text was updated successfully, but these errors were encountered:
This seemed reasonable to do, as these cookies won't leak past the suffix, and supported the localhost use case we'd gotten some developer complaints about.
According to the example in https://publicsuffix.org/list/, the rule
*.jp
indicates thatCookies may not be set for bar.jp
. However, during our testing we found that a public suffix can actually set cookies for itself.To test it:
document.cookie="x=1; path=/";
Following the same logic in the example, the cookie should not be set because there is this rule
*.alwaysdata.net
on the PSL.I am wondering what the expected behavior should be as I found no indication on the algorithm provided and this is reproducible in both Chrome and Firefox.
The text was updated successfully, but these errors were encountered: