Allow HTTPS cookies but not HTTP?

10

1

I want to allow cookies for a domain but only over HTTPS -- not cookies from the same domain that come from HTTP. For example, I don't want any http://www.google.com cookies, but I do want to allow https://www.google.com cookies (because Calendars are there).

Is there a way to do this? Does the goal even make sense?

In Chrome, it only allows domain names, not URLs, to be added to the cookie exception list. In Firefox, it allows a protocol, but it only records the domain name, and if you click "Allow" or "Deny", it changes the same entry in the list.

Ken

Posted 2011-01-18T17:50:09.213

Reputation: 2 669

3 Maybe it matters for you; if so then you might need to limit your question even more: cookies that are served through HTTPS, but do not have the secure flag set, will also be sent back to the web server when using plain HTTP. – Arjan – 2011-01-18T18:27:46.017
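The behaviour described in the comment above, reproduced with Python's standard-library cookie jar as an added example that is not part of the original thread. The `FakeResponse`, `force_secure` and `cookies_sent` names, the cookie values and the example.com URLs are constructed for illustration; `force_secure` is a hypothetical helper showing the effect of adding the flag.

```python
# Added example: constructed headers and URLs, not taken from the thread.
import http.cookiejar
import urllib.request
from email.message import Message


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying Set-Cookie headers."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value  # Message appends, never replaces

    def info(self):
        return self._headers


def force_secure(set_cookie):
    """Hypothetical helper: append Secure unless the attribute is already present."""
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    return set_cookie if "secure" in attrs else set_cookie + "; Secure"


def cookies_sent(set_cookie_headers, set_url, later_url):
    """Store cookies from a response to set_url; return names sent to later_url."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie_headers),
                        urllib.request.Request(set_url))
    later = urllib.request.Request(later_url)
    jar.add_cookie_header(later)  # applies the Secure/scheme check per cookie
    header = later.get_header("Cookie", "")
    return sorted(p.split("=", 1)[0] for p in header.split("; ") if p)


# Constructed sample: both cookies are set by an HTTPS response.
HEADERS = ["SID=abc123; Path=/; Secure", "PREF=lang-en; Path=/"]
HTTPS_URL = "https://www.example.com/calendar"
HTTP_URL = "http://www.example.com/"

if __name__ == "__main__":
    print("over HTTPS:", cookies_sent(HEADERS, HTTPS_URL, HTTPS_URL))
    print("over HTTP :", cookies_sent(HEADERS, HTTPS_URL, HTTP_URL))
    hardened = [force_secure(h) for h in HEADERS]
    print("HTTP, all Secure:", cookies_sent(hardened, HTTPS_URL, HTTP_URL))
```

Only the cookie without the Secure attribute is returned on the plain-HTTP request; once every cookie carries the attribute, nothing is sent over HTTP.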

Answers

6

NoScript for Firefox solves this problem:

http://noscript.net/faq#qa6_1 (last three lines of the paragraph)

Details here: http://hackademix.net/2008/09/10/noscript-vs-insecure-cookies/

Shadok

Posted 2011-01-18T17:50:09.213

Reputation: 3 760

+1 - I was going to suggest building an extension, but it looks like one already exists. – jmort253 – 2011-02-05T08:55:27.330

And NoScript is a very good one; have a look at their changelogs if you want to learn that you know nothing about JavaScript security ^^ – Shadok – 2011-02-07T16:07:29.573

2

Is there a way to do this?

Privoxy can do this for you and works for the browsers you change the proxy of.

As it doesn't handle HTTPS traffic, it will only filter HTTP traffic; you could use cookie crunching.

The user.action file should look similar to this:

{ +crunch-incoming-cookies +crunch-outgoing-cookies }
/ # Match all URLs

Does the goal even make sense?

Although it will make you more secure, I don't see the need to do it.

You might as well break some sites you use on a daily basis, but Privoxy allows you to allow those sites...

Tamara Wijsman

Posted 2011-01-18T17:50:09.213

Reputation: 54 163