From MozillaWiki
Same Domain Cookies
Stage Draft
Status In progress
Release target Firefox 20
Health OK
Status note https://bugzilla.mozilla.org/show_bug.cgi?id=795346


Directly Responsible Individual Mark Goodwin

Open issues/risks


Stage 1: Definition

1. Feature overview

The SameDomain cookie flag is a CSRF prevention measure.

The mechanism consists of a new cookie flag (tentatively called SameDomain) which, when set, instructs the browser to send the cookie only when the cookie's domain attribute matches the domain of the referring URI. Aside from this restriction, browsers should behave exactly as they would otherwise.
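The send decision described above, modelled as an added example (this is not Firefox code, and the attribute name, the use of the usual cookie domain-match rule, and the handling of requests with no referring URI, which the page does not specify, are assumptions):

```javascript
// Added example, not Firefox code: a model of the proposed SameDomain flag.
// Assumptions: the attribute is spelled "SameDomain"; the domain comparison
// uses the usual cookie domain-match rule (host equals the domain or is a
// subdomain of it); a request with no referring URI cannot match, so a
// SameDomain cookie is withheld for it (the page leaves this case open).

// Parse the subset of a Set-Cookie header needed here: name=value, the
// Domain attribute, and the hypothetical SameDomain flag.
function parseSetCookie(header, settingHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const [name, value] = pair.split("=");
  const cookie = { name, value, domain: settingHost.toLowerCase(), sameDomain: false };
  for (const attr of attrs) {
    const [k, v] = attr.split("=");
    if (k.toLowerCase() === "domain") cookie.domain = v.replace(/^\./, "").toLowerCase();
    if (k.toLowerCase() === "samedomain") cookie.sameDomain = true;
  }
  return cookie;
}

// Domain-match: host equals the cookie domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// Decide whether the browser attaches the cookie to a request.
// referrer is the referring URI as a string, or null when there is none.
function shouldSendCookie(cookie, requestUrl, referrer) {
  if (!domainMatches(new URL(requestUrl).hostname, cookie.domain)) return false;
  if (!cookie.sameDomain) return true; // unflagged cookies: behaviour unchanged
  if (referrer === null) return false; // assumption: no referring URI, no match
  return domainMatches(new URL(referrer).hostname, cookie.domain);
}

// Constructed scenario: bank.example sets a session cookie with and without
// the flag; a page on attacker.example then submits a form to bank.example.
const legacy = parseSetCookie("session=abc123; Domain=bank.example", "bank.example");
const flagged = parseSetCookie("session=abc123; Domain=bank.example; SameDomain", "bank.example");
const target = "https://bank.example/transfer";

function demo() {
  return {
    legacyCrossSite: shouldSendCookie(legacy, target, "https://attacker.example/form.html"),
    flaggedCrossSite: shouldSendCookie(flagged, target, "https://attacker.example/form.html"),
    flaggedSameSite: shouldSendCookie(flagged, target, "https://www.bank.example/account"),
  };
}
```

Only the flagged cookie is withheld on the cross-site request, which is the CSRF case the flag is meant to close; same-domain navigation, including from a subdomain, is unaffected.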

2. Users & use cases


3. Dependencies


4. Requirements

The goal of this feature is to provide a robust CSRF protection mechanism which is simple to understand and easy for site owners to implement. (more detail to follow)



Stage 2: Design

5. Functional specification


6. User experience design

There should be little or no user-visible change associated with this feature.

Stage 3: Planning

7. Implementation plan


8. Reviews

Security review


Privacy review


Localization review




Quality Assurance review


Operations review


Stage 4: Development

9. Implementation


Stage 5: Release

10. Landing criteria


Feature details

Priority P3
Rank 999
Theme / Goal Web Hardening
Roadmap Security
Secondary roadmap Platform

Team status notes

Security sec-review-unnecessary should be floated as spec

Original writeup is here: http://people.mozilla.org/~mgoodwin/OriginOnly/