publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0

Cookie documentation #2241

Open simon-friedberger opened 1 month ago

simon-friedberger commented 1 month ago

The documentation claims that cookies cannot be set on public suffixes but that is simply not true.

Host cookies (__Host- or simply no domain=...) always work.

Domain cookies (with e.g. domain=example.com) automatically degrade to host cookies by having their domain string reset as specified in https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-15#section-5.7-3.9.1 and variations thereof.
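
The storage step that comment points to, as an added example that is not part of the original issue or the project's code. It sketches the rfc6265bis domain handling for a user agent configured to reject public suffixes; the function names are hypothetical and the three-entry suffix set is a constructed stand-in for the real list.

```javascript
// Constructed sample of public suffixes; a real user agent consults the full list.
const SAMPLE_SUFFIXES = new Set(["com", "co.uk", "github.io"]);

// Domain-match: identical strings, or host ends with "." + domain.
// (The draft also requires that host is not an IP address; omitted in this sketch.)
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns { hostOnly, domain } as the cookie would be stored,
// or null when the cookie is ignored entirely.
function storeCookieDomain(requestHost, domainAttr, suffixes = SAMPLE_SUFFIXES) {
  const host = requestHost.toLowerCase();
  // Domain attribute processing: lowercase and drop one leading dot.
  let domain = (domainAttr || "").toLowerCase();
  if (domain.startsWith(".")) domain = domain.slice(1);

  if (domain !== "" && suffixes.has(domain)) {
    if (domain === host) {
      domain = "";   // public suffix equal to the request host: reset the attribute
    } else {
      return null;   // public suffix set from some other host: ignore the cookie
    }
  }
  if (domain !== "") {
    if (!domainMatches(host, domain)) return null;
    return { hostOnly: false, domain };
  }
  // Empty domain attribute (omitted, or reset above): host-only cookie.
  return { hostOnly: true, domain: host };
}

// Would a stored cookie be sent on a request to `host`?
function sentTo(cookie, host) {
  return cookie.hostOnly
    ? host === cookie.domain
    : domainMatches(host, cookie.domain);
}

// A site served from the suffix itself keeps its cookie, but only as host-only.
const degraded = storeCookieDomain("github.io", ".GitHub.io");
console.log(degraded, sentTo(degraded, "alice.github.io"));
```

The degraded cookie is stored for `github.io` itself and is not sent to names below it, which is the isolation the public suffix check is meant to preserve.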

simon-friedberger commented 3 days ago

@wdhdev @groundcat Does one of you maybe want to take this?

wdhdev commented 3 days ago

I'm not super aware of all the technical aspects around cookies, so I likely can't. I could give it a go though.