Deprecate modification of 'secure' cookies from non-secure origins
Google, Inc
This document updates RFC6265 by removing the ability for a non- secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set. This deprecation improves the isolation between HTTP and HTTPS origins, and reduces the risk of malicious interference.