My JavaScript application may be run in a subfolder on a strange web server.
Is setting the Path attribute of a cookie secure enough to prevent programmers managing other folders of the same server from stealing secret data (with money!) from a user for whom I set the cookie?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies :
"The Path attribute indicates a URL path that must exist in the requested URL in order to send the Cookie header."
Nothing is said here about the path also having to exist in the requested URL in order to allow JavaScript code at this path to retrieve the cookie.
Is it also secure when the JavaScript History API is used to change the URL of the page without reloading?
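
As an added example (not part of the question or of MDN), this is the matching rule behind the quoted sentence, following the path-match algorithm of RFC 6265 section 5.1.4. The host `example.test` and the folder names are constructed, and the code models only whether the `Cookie` header is sent with a request, which is all the quoted sentence describes.

```javascript
// RFC 6265 section 5.1.4: how a cookie's Path decides which requests carry it.
// Function names, host and folder names are constructed for this example.

// Path a cookie gets when Set-Cookie has no Path attribute ("default-path").
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const lastSlash = requestPath.lastIndexOf('/');
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// True when a cookie scoped to cookiePath is attached to a request for requestPath.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary: "/myapp" must not match "/myapp2".
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Filter a list of request URLs down to those whose Cookie header includes the cookie.
function requestsCarryingCookie(cookiePath, urls) {
  return urls.filter((u) => pathMatches(new URL(u).pathname, cookiePath));
}

// Constructed sample requests on one shared server.
const sampleUrls = [
  'https://example.test/myapp',
  'https://example.test/myapp/index.html',
  'https://example.test/myapp/api/balance?id=1',
  'https://example.test/myapp2/index.html',
  'https://example.test/other/page.html',
  'https://example.test/',
];

for (const url of sampleUrls) {
  const sent = pathMatches(new URL(url).pathname, '/myapp');
  console.log(`${sent ? 'sent    ' : 'not sent'}  ${url}`);
}
```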