Comment 27 for bug 44062

In , Dwitte (dwitte) wrote:

(In reply to comment #26)
> Dan Witte, a little bit help here. We had "network.cookies.strictDomain", and
> you requested it to be removed (bug 223617). Now you want something similar?

No. Originally, the check that pref controlled was implemented for RFC2109
compliance, but it broke sites. That's why it was made a pref, disabled by
default - which isn't really useful for enhancing user privacy. Since we
couldn't enable the check without breaking sites again, the whole thing was
pretty much useless, and it was removed a while ago - mostly for the sake of
code cleanup.

This is a different situation - we're trying to find a more practical way of
solving the problem of cookies being set for TLDs. We want this to be something
enabled by default and not controlled by a pref (ideally).

> CC'ing <email address hidden>, since there's an actual security advisory about
> this: http://secunia.com/advisories/12580/

That's the advisory I posted in comment 0... this problem isn't new (it's been
around for years), and it's pretty well known.
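The check the comment above is talking about, written out as an added illustrative example. This is not Mozilla's code and not a patch from this bug: it is a standalone sketch of the domain-attribute rule a browser needs, which rejects a Set-Cookie whose Domain is a public suffix such as `co.uk` while still accepting an ordinary parent-domain cookie. The suffix table, the function names and the sample headers are all constructed for the example; a real implementation would consult the full Public Suffix List rather than the handful of entries hard-coded here.

```javascript
// Added example (not from the original bug thread or from Mozilla's tree).
// Demonstrates rejecting cookies whose Domain attribute is a registry-
// controlled suffix ("TLD cookies"). PUBLIC_SUFFIXES is a tiny constructed
// sample standing in for the real Public Suffix List.

const PUBLIC_SUFFIXES = new Set([
  "com", "net", "org", "uk", "co.uk", "org.uk", "jp", "co.jp",
]);

// Lower-case and strip a single leading dot, so ".co.uk" and "CO.UK"
// compare equal to "co.uk".
function normalizeDomain(domain) {
  return domain.trim().toLowerCase().replace(/^\./, "");
}

// True if the (normalized) domain is a public suffix in our sample table.
function isPublicSuffix(domain) {
  return PUBLIC_SUFFIXES.has(normalizeDomain(domain));
}

// Registrable domain for a host ("example.co.uk" for "www.example.co.uk"),
// or null when the host itself is a public suffix. Scanning from the left
// finds the longest matching suffix first.
function registrableDomain(host) {
  const labels = normalizeDomain(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  // Unknown suffix: fall back to treating the last label as the suffix.
  return labels.length >= 2 ? labels.slice(-2).join(".") : null;
}

// Pull the Domain attribute out of a Set-Cookie header value, or null.
function parseSetCookieDomain(headerValue) {
  const attrs = headerValue.split(";").map((s) => s.trim()).slice(1);
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    if (eq !== -1 && attr.slice(0, eq).trim().toLowerCase() === "domain") {
      return attr.slice(eq + 1).trim();
    }
  }
  return null;
}

// Decide whether a response from requestHost may set a cookie carrying
// domainAttr. Rules, in order:
//   1. no Domain attribute      -> host-only cookie, always allowed;
//   2. Domain is a public suffix -> reject (the problem in this bug);
//   3. requestHost must equal Domain or be a subdomain of it.
function cookieDomainAllowed(requestHost, domainAttr) {
  const host = normalizeDomain(requestHost);
  if (!domainAttr) {
    return { allowed: true, reason: "host-only cookie" };
  }
  const domain = normalizeDomain(domainAttr);
  if (isPublicSuffix(domain)) {
    return { allowed: false, reason: `"${domain}" is a public suffix` };
  }
  if (host !== domain && !host.endsWith("." + domain)) {
    return { allowed: false, reason: `"${host}" is not within "${domain}"` };
  }
  return { allowed: true, reason: "domain-match" };
}

// Constructed sample responses: [request host, Set-Cookie header value].
const SAMPLES = [
  ["www.example.co.uk", "session=abc; Domain=.co.uk; Path=/"],
  ["www.example.co.uk", "session=abc; Domain=example.co.uk"],
  ["www.example.com", "session=abc; Domain=com"],
  ["www.example.com", "session=abc; Domain=other.com"],
  ["www.example.com", "session=abc"],
];

for (const [host, header] of SAMPLES) {
  const verdict = cookieDomainAllowed(host, parseSetCookieDomain(header));
  console.log(`${host}  "${header}"  ->  ${verdict.allowed ? "accept" : "reject"} (${verdict.reason})`);
}
```

The first sample is the case the advisory is about: `Domain=.co.uk` would let any `*.co.uk` site read the cookie, so the check rejects it before the domain-match rule is even consulted. The fourth sample shows the unrelated-domain rejection that every browser already had; the second and fifth are normal, accepted cookies.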