CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Incomplete documentation for cs/web/broad-cookie-domain #15169
Open
johnaceous opened 9 months ago
I believe the CodeQL documentation here conflicts with MDN by omission:
https://codeql.github.com/codeql-query-help/csharp/cs-web-broad-cookie-domain/
According to MDN, that cookie would also be available to subdomains:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#domain_attribute
The CodeQL documentation should state that "In this example cookie1 is accessible from online-bank.com and its subdomains".
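The scoping behaviour the issue points to, as an added example that is not part of the original issue or of CodeQL's code: a JavaScript sketch of the RFC 6265 storage and domain-match rules, showing that a cookie set with an explicit `Domain` is also sent to subdomains, while one set without it stays host-only. The function names and every hostname other than `online-bank.com` are constructed for illustration, and the public-suffix rejection that browsers also apply is omitted.

```javascript
// Added illustration of RFC 6265 cookie scoping; not CodeQL or browser source.

// Crude IP literal test (assumption: good enough for this illustration).
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // Suffix match only on a label boundary, and never for IP addresses.
  return host.endsWith("." + domain) && !isIpAddress(host);
}

// RFC 6265 section 5.3: derive the stored cookie's scope from Set-Cookie.
// Returns null when the user agent would ignore the cookie.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // No Domain attribute: host-only cookie, exact host match required later.
  if (!domainAttr) return { domain: host, hostOnly: true };
  // Section 5.2.3: a leading dot is dropped, the value is lower-cased.
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set a cookie for its own host or a parent of it.
  if (!domainMatch(host, domain)) return null;
  return { domain, hostOnly: false };
}

// RFC 6265 section 5.4: is the stored cookie attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Which of `hosts` receive a cookie set by `requestHost` with `domainAttr`?
function scopeReport(requestHost, domainAttr, hosts) {
  const cookie = storeCookie(requestHost, domainAttr);
  return cookie ? hosts.filter((h) => isSentTo(cookie, h)) : null;
}

// Constructed sample hosts; only online-bank.com comes from the issue.
const HOSTS = ["online-bank.com", "www.online-bank.com", "ads.online-bank.com",
               "notonline-bank.com", "online-bank.com.example.net"];
console.log("Domain=online-bank.com:", scopeReport("online-bank.com", "online-bank.com", HOSTS));
console.log("no Domain attribute:  ", scopeReport("online-bank.com", null, HOSTS));
```

When reviewing a finding from this query, the first output line is the set of hosts that can read the cookie; omitting `Domain` is what narrows it to the issuing host.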