[HTTPS-Everywhere] Flagging cookies as secure
Chris Palmer
chris at eff.org
Fri Nov 12 13:13:45 PST 2010
On Nov 12, 2010, at 1:11 PM, Seth David Schoen wrote:
> But there's no way to target all subdomains under the <target>
> mechanism without eliminating all the efficiency benefits of <target>.
How about: If the cookies Domain covers any of the origins we want to secure, then secure that cookie. No need to explode the number of targets, and no need to secure cookies for origins we don't care about/don't have a rule for.
--
Chris Palmer
Technology Director, Electronic Frontier Foundation
More information about the HTTPS-everywhere
mailing list