Open oalders opened 11 months ago
I'm just wondering if this is strictly correct: https://metacpan.org/release/DAGOLDEN/HTTP-CookieJar-0.014/source/lib/HTTP/CookieJar.pm#L156
next if $cookie->{secure} && $scheme ne 'https';
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies states that a secure cookie can be sent via HTTP if the host is localhost. Disclaimer: I did not dig into any RFCs.
I'm just wondering if this is strictly correct: https://metacpan.org/release/DAGOLDEN/HTTP-CookieJar-0.014/source/lib/HTTP/CookieJar.pm#L156
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies states that a secure cookie can be sent via HTTP if the host is localhost. Disclaimer: I did not dig into any RFCs.