earlier replies
Replying to @patricktoomey @maxime_serrano @bilcorry @mikewest @ericlaw @Scott_Helme @manicode
Thinking back to github.blog/2013-04-09-yummy… is a pretty good old write up about just how gross all of this is. It is madness to start..even wilder you can’t tell where your cookies even come from (subdomain set or not).
1
2
>even wilder you can’t tell where your cookies >even come from (subdomain set or not) Which was the whole point of __HOST, right?
2
1
__Host is definitely a super handy primitive for this area for sure.
1
2
I’m really happy to hear that folks are using it. :)
2
4
wait .. is it not common? Its pretty high up in my list of simple, solid wins in a web app
1
😂 - come on now...you know you live in a web security bubble 😛
1
2
I was hoping my bubble does cover a big chunk of page loads though
2
1
Although, on second thought, I suspect my bubble doesn't cover most cookies. Those are set by a .. different crowd. We just need the EU to mandate __Host. Its the obvious next step for Mike after his w3c leadership
1
2
Nominated as head webmaster for all sites.
1
1
Replying to @patricktoomey @frgx @maxime_serrano @ericlaw @Scott_Helme @manicode
Just tell the internet to forward all mail for webmaster@ to @mikewest

Apr 29, 2020 · 2:20 AM UTC

1
1