Opened 6 years ago
Last modified 5 years ago
#31425 new New feature
Support for Clear-Site-Data header.
| Reported by: | Mads Jensen | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Someday/Maybe | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
There's a new header described at https://github.com/w3c/webappsec-clear-site-data that can be used to enforce the browser to remove various types of data that the user leaves behind. A usage example is to clear data on either an account deletion, or simply when signing out. Examples are the cache and the cookies. The document is still a working draft.
Some time ago, support for the cookie SameSite flag was implemented.
It appears that the major browser vendors have implemented support for it, to some extend. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
Change History (1)
comment:1 by , 6 years ago
| Description: | modified (diff) |
|---|---|
| Summary: | Support for Clear-Site-Data header → Support for Clear-Site-Data header. |
| Triage Stage: | Unreviewed → Someday/Maybe |
Note:
See TracTickets
for help on using tickets.
Marking as "Someday/Maybe" because specification is still a draft and may change at any moment.