Timothy Flynn c00760c5f9 Browser+LibWeb+WebContent: Track the source of document.cookie requests ...

To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.

2021-04-14 16:07:46 +02:00

5.8 KiB

Raw Blame History

View Raw