w3c / webappsec-suborigins

Suborigins
https://w3c.github.io/webappsec-suborigins/

<meta http-equiv="Set-Cookie" content="..."> should be ignored #36

Closed bsittler closed 8 years ago

bsittler commented 8 years ago

<meta http-equiv="Set-Cookie" content="..."> should be ignored in any suborigin where document.cookie writes are ignored or fail

joelweinberger commented 8 years ago

As discussed in #56, it actually seems like the HTML spec should be changed to reflect that cookie-averse documents should disallow http-equiv=Set-Cookie, so I've filed https://github.com/whatwg/html/issues/1950 to suggest that. However, I'm still planning on committing #56 in the meantime to make sure our spec tracks this.

joelweinberger commented 8 years ago

This is addressed as of #56.