Hacker News new | past | comments | ask | show | jobs | submit login

I'm on the latest Firefox and it's allowing a Set-Cookie with the Secure flag over http (for localhost). This seems wrong to me, but maybe it's allowed for localhost specifically? Anyone else experience this?



Yes. localhost is considered a Secure Context via https://w3c.github.io/webappsec-secure-contexts/#potentially... - This is intentional to testing APIs which require a Secure Context easier to use during development. E.g., ServiceWorkers.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: