rebased PC-BSD.xml (fixed #5608)

[J0WI]

No description provided.

[jeremyn]

• Move https://api.pcbsd.org from mismatch to target
• Note https://pbibuild.pcbsd.org and https://pbibuild64.pcbsd.org as mismatches
• We don't need this insecure cookie comment, right?
• I think we can generalize the securecookie tag to <securecookie host=".+" name=".+" />

[J0WI]

I would keep the insecure cookie comment, because there is no drawback and dev may get aware of the issue.
I had to remove the generic securecookie rule, because ^ and www are not fully secureable. The other hosts aren't serving any cookies.

[jeremyn]

Do you mean that some of the ^/www cookies are not isSecure even with the generic securecookie? It doesn't break anything though, right?

[J0WI]

If you set the secure flag on the cookies but you can't access the site over https (because of mixed content), the site is not able to read the cookies.

[jeremyn]

I think I understand. Are we running into a securecookie problem here because www.pcbsd.org is only partially allowed?

Also, for the comment, the drawback of the comment is that we are repeating ourselves between it and the securecookie tag itself. But if you want to leave the comment in, that's fine.

[J0WI]

I think I understand. Are we running into a securecookie problem here because www.pcbsd.org is only partially allowed?

Exactly.

[jeremyn]

Thanks, merged.