From: Daniel Stenberg Date: Thu, 6 Oct 2016 07:40:47 +0000 (+0200) Subject: TODO: Leave secure cookies alone X-Git-Tag: curl-7_51_0~117 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=da1a2d1ac8d49e519cfa5928689fd313f4ba71d7;p=thirdparty%2Fcurl.git TODO: Leave secure cookies alone --- diff --git a/docs/TODO b/docs/TODO index 1695d559c3..24bbcd208f 100644 --- a/docs/TODO +++ b/docs/TODO @@ -69,6 +69,7 @@ 5.7 Brotli compression 5.8 QUIC 5.9 Add easy argument to formpost functions + 5.10 Leave secure cookies alone 6. TELNET 6.1 ditch stdin @@ -554,6 +555,14 @@ This is not detailed in any FTP specification. deprecating the old ones. Allows better error messages and is generally good API hygiene. +5.10 Leave secure cookies alone + + Non-secure origins (HTTP sites) should not be allowed to set or modify + cookies with the 'secure' property: + + https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01 + + 6. TELNET 6.1 ditch stdin
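Review bot: In the 5.10 text of the second hunk, "set or modify cookies with the 'secure' property" leaves open whether the item also covers a plain-HTTP response replacing an already stored secure cookie with a same-named cookie that lacks the attribute. Spelling out both cases (a cookie carrying 'secure' received over HTTP, and an HTTP response overwriting a cookie already stored as secure) would make the TODO entry actionable for whoever picks it up. The URL also pins draft revision -01, which will go stale as the draft is revised, so adding the draft's title next to the link would keep the reference findable.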