Ancestors

Toot

Written by Robert Riemann 🇪🇺 on 2024-01-24 at 13:48

While scanning some websites for data protection processing, I noticed that #facebook sets the #facebookpixel to the .org top-level domain. 😲

This would normally mean that facebook can reuse the cookie across all websites using .org. Is that even allowed by browsers? Any experiences on this topic?

[#]gdpr #teamdatenschutz #cookies

=> View attached media

=> More informations about this toot | More toots from rriemann@chaos.social

Descendants

Written by Sven on 2024-01-24 at 13:53

@rriemann doesn't work in modern browsers, public suffixes are not valid as cookie domains. Wording in the specs suggest it might have worked at some point.

=> More informations about this toot | More toots from HeNeArXn@chaos.social

Written by Claudio Agosti on 2024-01-24 at 19:26

@rriemann should be forbidden by the set-cookie implementation to set a cookie outside of the origin domain, the RFC demands a domain name, so I'm guessing it's a bug

=> More informations about this toot | More toots from vecna@retro.pizza

Proxy Information

Original URL: gemini://mastogem.picasoft.net/thread/111811237481120333
Status Code: Success (20)
Meta: text/gemini
Capsule Response Time: 260.553648 milliseconds
Gemini-to-HTML Time: 0.587744 milliseconds

This content has been proxied by September (ba2dc).