Issue 535: Support cookies on file:// http://code.google.com/p/chromium/issues/detail?id=535
Comment #7 by lcamtuf: Cookies are *strictly* a HTTP mechanism as per RFC 2109. There should be no reasonable expectation for them to work for protocols other than HTTP, much less file:///, and it is not clear what their behavior should be, and what rules of security compartmentalization should apply. Some example questions: should cookies for file:///c:/foo/ be shared with file:///c:/bar/? what about cookies for file://otherhost/baz? should cookies from ftp://example.com be shared with http://example.com? what about HTML files downloaded to local disk from the Internet, should they keep their original context, or intrude that of any HTML code installed locally? Lacking clear and consciously defined rules, this is a ticking time bomb. Historically, various browsers followed somewhat inconsistent rules in this department, mostly out of oversight. Most of these mechanisms have undesirable security consequences, too. A very small fraction of applications took the availability of file:// or ftp:// or SMB/NFS cookies for granted and started to rely on this undocumented mechanism for unusual applications. I would be willing to pretty strongly assert that this is a failing on the side of the application, not a particular browser. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
