
What is a cookie's domain set to when the cookie is set in a CDN (or other) hosted JavaScript file?

Given one website hosting a "widget" of another website, where that widget is not in an iframe but simply JS DOM manipulation and content fed through a JSONP connection, if the JS file that serves the widget writes a JavaScript cookie, will that cookie be marked with the domain that is hosting the widget JS file or the domain that the widget is being displayed on (e.g., the domain that is hosting the HTML file that is including the widget JS file)?


It's the domain of the user's HTTP request (or the HTML file, in your example).

Here's why: imagine you’re on http://www.blackhat.com/test.html and include this file on that page: http://www.facebook.com/cookielib.js.

This does not give you the right to read or write Facebook cookies with that JS file; that would be terrible. The user agent considers the domain in the address bar as the execution context, and all reading and writing of cookies happens on that domain.
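The rule described in the answer above, as an added example that is not part of the original post: a simplified model of how a user agent scopes a `document.cookie` write (RFC 6265, section 5.3), using the two URLs from the answer. The function name `storedCookieScope` and the cookie strings are constructed for illustration; the model assumes hostnames rather than IP literals and skips the public-suffix check.

```javascript
// Simplified model of the storage rule a user agent applies to a document.cookie
// write (RFC 6265, section 5.3). Assumptions: hostnames only (no IP literals),
// no public-suffix check, and Path/Secure/SameSite are ignored.

// RFC 6265 section 5.1.3: a host matches a domain if equal or a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Returns the scope the browser would store, or null if the write is ignored.
// scriptSrc is accepted only to show that it never influences the result.
function storedCookieScope(documentUrl, scriptSrc, cookieString) {
  const host = new URL(documentUrl).hostname.toLowerCase();
  const attrs = cookieString.split(';').slice(1).map(s => s.trim());
  // The last Domain attribute wins; an empty value is treated as absent.
  const domainAttr = attrs.filter(a => /^domain=/i.test(a)).pop();
  const domain = domainAttr
    ? domainAttr.slice('domain='.length).trim().replace(/^\./, '').toLowerCase()
    : '';
  if (domain === '') {
    return { domain: host, hostOnly: true };    // default: the document's host
  }
  if (!domainMatches(host, domain)) {
    return null;                                 // foreign Domain: cookie rejected
  }
  return { domain, hostOnly: false };            // parent domain of the document
}

// URLs from the answer; cookie strings are constructed samples.
const page = 'http://www.blackhat.com/test.html';
const widget = 'http://www.facebook.com/cookielib.js';
console.log(storedCookieScope(page, widget, 'w=1'));
console.log(storedCookieScope(page, widget, 'w=1; Domain=facebook.com'));
console.log(storedCookieScope(page, widget, 'w=1; Domain=.blackhat.com'));
```

The same rule cuts the other way for the embedding site: any script a page includes runs in that page's context and can read and write the page's own cookies unless they are marked HttpOnly.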
