summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author TreeHugger Robot <treehugger-gerrit@google.com> 2020-02-17 10:56:03 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2020-02-17 10:56:03 +0000
commitd73f4e387c3af42abc4f5e89afe23de1c16d42f7 (patch)
tree0a208bc0fd40b5924eaa12ab3877d553d7b449f5
parentc3e39337701fc7085e0c65c3c11dcc09c77cd284 (diff)
parentbc22d8638b0c3ba4e5c6a5c874588d74403f309b (diff)
Merge "WebView: deprecate 'Secure' cookies for insecure schemes"
Diffstat
-rw-r--r--core/java/android/webkit/CookieManager.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/core/java/android/webkit/CookieManager.java b/core/java/android/webkit/CookieManager.java
index 3824c22a40a7..ff80ef7b2e94 100644
--- a/core/java/android/webkit/CookieManager.java
+++ b/core/java/android/webkit/CookieManager.java
@@ -102,6 +102,9 @@ public abstract class CookieManager {
* path and name will be replaced with the new cookie. The cookie being set
* will be ignored if it is expired.
*
+ * <p class="note"><b>Note:</b> if specifying a {@code value} containing the {@code "Secure"}
+ * attribute, {@code url} must use the {@code "https://"} scheme.
+ *
* @param url the URL for which the cookie is to be set
* @param value the cookie as a string, using the format of the 'Set-Cookie'
* HTTP response header
@@ -122,6 +125,9 @@ public abstract class CookieManager {
* completes or whether it succeeded, and in this case it is safe to call the method from a
* thread without a Looper.
*
+ * <p class="note"><b>Note:</b> if specifying a {@code value} containing the {@code "Secure"}
+ * attribute, {@code url} must use the {@code "https://"} scheme.
+ *
* @param url the URL for which the cookie is to be set
* @param value the cookie as a string, using the format of the 'Set-Cookie'
* HTTP response header
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-08 21:20:08 +0000