romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-16 21:26:22 +03:00
Code Issues Projects Releases Packages Wiki Activity

HTTP-COOKIES.md: mention that http://localhost is a secure context

Browse source 
Reported-by: Trail of Bits

Closes #9938
This commit is contained in:
Daniel Stenberg 2022-11-17 19:08:56 +01:00
parent e9c580de4e
commit b473df52bb
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/HTTP-COOKIES.md
View file

@ -29,6 +29,11 @@
RFC6265. Cookie prefixes and secure cookie modification protection has been
implemented by curl.
curl considers `http://localhost` to be a *secure context*, meaning that it
will allow and use cookies marked with the `secure` keyword even when done
over plain HTTP for this host. curl does this to match how popular browsers
work with secure cookies.
## Cookies saved to disk
Netscape once created a file format for storing cookies on disk so that they