PATCH: BR#66090 Cross-domain cookies [Final]

Dawit A. adawit at
Fri Dec 12 01:21:23 GMT 2003

On Thursday 11 December 2003 18:10, Waldo Bastian wrote:

> > The only exception is the redirection case I mentioned before. I am not
> > sure what should be done in that case, i.e. user types
> > and get redirected to What should happen to the
> > cookies from the redirected location if the "only accept cookies from
> > originating server" option is checked ?
> They should be accepted. I would argue that after the redirection, the main
> document URL is

That was my original thinking as well until I sat down and thought about it 
for a while. Accepting cookies in such cases would make us victim to the 
immediate redirection scheme. Say the user typed or clicked on 
"". All a site has to do to get around our checks is:>>

We would then endup accepting the cookie(s) from "". I guess 
there is nothing we can do about this since there might be legitimate reasons 
for doing the above.

> I have solved that by not setting any URL for cross-domain when a link is
> clicked manually. As a result the browserrun patch was no longer needed.

Meaning all user initiated actions, such as clicking on links and entering 
urls will not send the meta-data, right ? 

> I think it works nicely now, but please test.

I would if you only commited it. At least I did not see the cvs commit 
Dawit A.
"Preach what you practice, practice what you preach"

More information about the kde-core-devel mailing list