Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear Client Hints via Clear-Site-Data header #230

Open
arichiv opened this issue Jul 17, 2023 · 1 comment
Open

Clear Client Hints via Clear-Site-Data header #230

arichiv opened this issue Jul 17, 2023 · 1 comment
Labels
blocked Coming to a position is blocked on issues identified with the spec or proposal. from: Google Proposed, edited, or co-edited by Google. topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols venue: W3C Web Application Security WG Proposal is being reviewed in the W3C's Web Application Security WG (aka WebAppSec)

Comments

@arichiv
Copy link

arichiv commented Jul 17, 2023

WebKittens

@annevk

Title of the spec

Clear Client Hints via Clear-Site-Data header

URL to the spec

https://w3c.github.io/webappsec-clear-site-data/

URL to the spec's repository

https://github.com/w3c/webappsec-clear-site-data/issues/new

Issue Tracker URL

https://crbug.com/1458394

Explainer URL

https://groups.google.com/a/chromium.org/g/blink-dev/c/lJY86eTPQ0s/

TAG Design Review URL

w3ctag/design-reviews#871

Mozilla standards-positions issue URL

mozilla/standards-positions#848

WebKit Bugzilla URL

No response

Radar URL

No response

Description

Websites will now be able to clear the client hints cache using Clear-Site-Data: “clientHints”. Client hints will also now be cleared when “cookies”, “cache”, or “*” are targeted by the same header. This is because if the user clears cookies in the UI client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets respectively.

@lukewarlow lukewarlow added topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols venue: W3C Web Application Security WG Proposal is being reviewed in the W3C's Web Application Security WG (aka WebAppSec) from: Google Proposed, edited, or co-edited by Google. labels Jul 19, 2023
@annevk
Copy link
Contributor

annevk commented Jul 25, 2023

It seems the intent is for this to be only available to top-level documents, although how that works exactly looks a bit sketchy (there's no relevant settings object of nothing). Anyway, that explains why it being keyed solely on origin is not necessarily bad.

A more complete analysis of this is blocked on #20.

@annevk annevk added the blocked Coming to a position is blocked on issues identified with the spec or proposal. label Jul 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked Coming to a position is blocked on issues identified with the spec or proposal. from: Google Proposed, edited, or co-edited by Google. topic: http Spec relates to the HTTP (Hypertext Transfer Protocol) family of protocols venue: W3C Web Application Security WG Proposal is being reviewed in the W3C's Web Application Security WG (aka WebAppSec)
Projects
None yet
Development

No branches or pull requests

3 participants