Commit dd1d7aa

clarify __Host
1 parent 2fd26ba commit dd1d7aa

1 file changed: +1 -1 lines changed
draft-ietf-oauth-browser-based-apps.md

Lines changed: 1 addition & 1 deletion
@@ -454,7 +454,7 @@ The following cookie security guidelines are relevant for this particular BFF ar
454454
- The BFF SHOULD enable the *SameSite=Strict* flag for its cookies
455455
- The BFF SHOULD set its cookie path to */*
456456
- The BFF SHOULD NOT set the *Domain* attribute for cookies
457-
- The BFF SHOULD start the name of its cookies with the *__Host-* prefix ({{-draft-ietf-httpbis-rfc6265bis}})
457+
- The BFF SHOULD start the name of its cookies with the `__Host` prefix ({{-draft-ietf-httpbis-rfc6265bis}})
458458

459459
Note: In new deployments, all of the above requirements are likely to be straightforward to implement. The "SHOULD" items are only not "MUSTs" so that existing architectures can be compliant. The implications of these requirements are listed below.
460460
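
Review bot: The added line at 457 writes the prefix as `__Host`, dropping the trailing hyphen that the removed line had (`__Host-`). The cookie name prefix defined in draft-ietf-httpbis-rfc6265bis is `__Host-`, hyphen included, so a cookie named to match the new wording literally (for example `__Hostsession`) would not be treated as prefixed and would not get the protections this bullet is recommending. Suggest keeping the hyphen inside the code span: `__Host-`. Minor style point: the neighbouring bullets mark attribute names with italics (*SameSite=Strict*, *Domain*), so the switch to backticks here leaves the list inconsistent; pick one convention for the whole list.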
