Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Imagine how hard it would have been to untangle cross-site security if he had followed that scheme. As it is, we already have to have arbitrary restrictions on where in the domain hierarchy you can root things like cookies (e.g. if you're on www.example.com you can set cookies on example.com, but if you're on example.co.uk you can't set them on co.uk)


No worse than it is today, really. Just have a pubprefix instead of a pubsuffix list.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: