Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upinvestigate similar origin resource groups and cookies #15802
Comments
|
@avadacatavra @asajeffrey So what is this issue about? |
|
@nox: the question is can we add process affinity to similar-origin pipelines, so that we can guarantee that pipelines that share cookies are in the same process? If we can, then we can use a per-process cookie jar rather than a global cookie jar, and we can make cookies non-serializable, which gives better security guarantees. All quite speculative, but it would be a security win if we can do it. |
|
Might make a good summer internship if we get the right student. |
|
Ask me how the attempt to avoid a global cookie jar in Firefox went. Hint: informal asynchronous distributed systems are very hard to reason about. |
|
@jdm: let me guess, it was straightforward and everybody went home happy and well-rested? |
see discussion in #servo here: http://logs.glob.uno/?c=mozilla%23servo&s=2+Mar+2017&e=2+Mar+2017#c622930
cc: @asajeffrey