#14810: Implement public suffix list to filter cookies
------------------------------+------------------------------
Reporter: pulkomandy | Owner: nobody
Type: bug | Status: new
Priority: high | Milestone: Unscheduled
Component: Kits/Network Kit | Version: R1/Development
Keywords: | Blocked By:
Blocking: | Has a Patch: 0
Platform: All |
------------------------------+------------------------------
It should not be possible to set a cookie on a public suffix (eg
*.github.io, *.co.uk, ...). Currently we do not filter these out. This
allows users to set cookies that affect other websites sharing the same
suffix, allowing them tp spy on and track users.
Use of libnspsl or another public suffix library is possible to avoid
rewriting all the logic ourselves.
--
Ticket URL: <https://dev.haiku-os.org/ticket/14810>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.