On 2018-08-08 2:10 PM, Lemuel Johnson wrote:
On 8/7/2018 12:00 PM, xxyyz wrote:
On 2018-08-04 2:32 PM, David E. Ross wrote:
Thank you for the response - but I'm asking a very basic question:
Does allowing cookies from a specific site allow cookies from
"subsidiary" sites? Same question when blocking cookies.
It depends on how the cookie is created. From
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:
Domain=<domain-value> Optional
Specifies those hosts to which the cookie will be sent. If not
specified, defaults to the host portion of the current document location
(but not including subdomains). Contrary to earlier specifications,
leading dots in domain names are ignored. If a domain is specified,
subdomains are always included.
If you allow cookies from yyy.zzz and a cookie is created without the
optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed.
They ARE allowed if the Domain is specified.
Lem Johnson
Thank you. I think I understand this.
Another question (sort of the previous one in reverse):
If I block all cookies and allow cookies from https://aaa.xxx.yyy,
are cookies from https://xxx.yyy allowed? I assumed not, but I've
seen several cases where Cookie Manager lists cookies from the
latter. Does this also depend on whether or not the Domain is
specified in the cookie?
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
