Removed reference to one client of mine who happens to prefer security by obscurity over crystal box approaches. Clarified description a little bit as well and changed report to public. Test cases available on request, although shouldn't really be needed unless we want to white/blacklist this cookie per site.
** Description changed: - The sb-closed cookie added by bug #1329799 fix breaks some sites like - https://www.op.fi/op - - Extraneous cookies get classified as potential malware by several SSL - sites, but please keep this part private for now / edit this line out of - summary before disclosing this report. + The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs + that classify extra cookies as malware or cookie poisoning. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1457405 Title: Unconditional sb-closed cookie incompatible with some sites Status in webbrowser-app package in Ubuntu: New Bug description: The sb-closed cookie added by bug #1329799 fix breaks sites using WAFs that classify extra cookies as malware or cookie poisoning. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1457405/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
