Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes
The Cookie Prefixes spec disallows the use of the `domain` attribute in cookies if the `__Host-` prefix is used (https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00#section-3.2). There's no need to set it to the host by default, so make it optional. If it is set to a non-empty value, still output a warning if it is not a suffix of the host, as that's likely not wanted. Fixes #352.
parent
b90a2347
Please register or sign in to comment