> This business of using full HTTP requests with full cookies to domains that ar... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		JoshTriplett on July 31, 2017 \| parent \| context \| favorite \| on: It is easy to expose users' secret web habits, say... > This business of using full HTTP requests with full cookies to domains that are secondary to the site I'm visiting needs to end. When I go to Foo.com, the browser does not need to send all my cookies and info to bar.com, even if we're fetching resources to display on Foo.com. Bar.com in this case is acting as a dumb file server, it doesn't need cookies. Many third-party services (not just ads and tracking) currently rely on this behavior. That's not trivial to retract.

Pxtl on July 31, 2017 [–]

I didn't mean to imply it would be trivial. As I said, single-sign-on services would require substantial reworks.

JoshTriplett on July 31, 2017 | [–]

Not just single-sign-on. Also a wide variety of services that provide APIs.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact