Opened 4 months ago

Last modified 4 months ago

#31425 new New feature

Support for Clear-Site-Data header.

Reported by: Mads Jensen Owned by:
Component: HTTP handling Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Someday/Maybe
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by felixxm)

There's a new header described at https://github.com/w3c/webappsec-clear-site-data that can be used to enforce the browser to remove various types of data that the user leaves behind. A usage example is to clear data on either an account deletion, or simply when signing out. Examples are the cache and the cookies. The document is still a working draft.

Some time ago, support for the cookie SameSite flag was implemented.

It appears that the major browser vendors have implemented support for it, to some extend. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data

Change History (3)

comment:1 Changed 4 months ago by felixxm

Description: modified (diff)
Summary: Support for Clear-Site-Data headerSupport for Clear-Site-Data header.
Triage Stage: UnreviewedSomeday/Maybe

Marking as "Someday/Maybe" because specification is still a draft and may change at any moment.

comment:2 Changed 4 months ago by Andy Robles

Owner: changed from nobody to Andy Robles
Status: newassigned

comment:3 Changed 4 months ago by Andy Robles

Owner: Andy Robles deleted
Status: assignednew
Note: See TracTickets for help on using tickets.
Back to Top