Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FYI] Clear Client Hints via Clear-Site-Data header #871

Closed
1 task done
arichiv opened this issue Jul 17, 2023 · 4 comments
Closed
1 task done

[FYI] Clear Client Hints via Clear-Site-Data header #871

arichiv opened this issue Jul 17, 2023 · 4 comments
Assignees
Labels
Missing: Multi-stakeholder support Lack of multi-stakeholder support Resolution: satisfied with concerns The TAG is satisfied with this work overall but requires changes Topic: Client Hints Venue: WICG

Comments

@arichiv
Copy link

arichiv commented Jul 17, 2023

こんにちは TAG-さん!

I'm requesting a TAG review of Clear Client Hints via Clear-Site-Data header.

Websites will now be able to clear the client hints cache using Clear-Site-Data: “clientHints”. Client hints will also now be cleared when “cookies”, “cache”, or “*” are targeted by the same header. This is because if the user clears cookies in the UI client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets respectively.

Further details:

You should also know that...

The only current way for a website to force the client hint cache to be cleared is to send a single header like Accept-CH: with no content. If any other Accept-CH: headers are sent at all (empty or not) this will cause all of them to be ignored. If the Accept-CH header is injected into an HTTP response at multiple points, it can be difficult to silence them all when one part of the server wishes to clear all hints. This header provides a way to do that, as the Clear-Site-Data: “clientHints” header clears the cache and causes all other Accept-Ch or Critical-CH headers to be ignored.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

🐛 open issues in our GitHub repo for each point of feedback

@torgo
Copy link
Member

torgo commented Jul 19, 2023

Hi @arichiv we're seeing in Chromestatus no signals from Firefox or Safari. Is there any multi-stakeholder support? There's no explainer provided so we're not sure what the documented user need is. We're also wondering if alternative mechanisms were explored? Given that this is a new http header, it seems like maybe a little more than an FYI would be appropriate here.

@torgo torgo added this to the 2023-07-31-f2f-Mos-Eisley milestone Jul 19, 2023
@arichiv
Copy link
Author

arichiv commented Jul 19, 2023

Fair enough, I figured it was more of an extension of #62.

There isn't multi-stakeholder support AFAIK as only Blink currently implements client hints.

@arichiv
Copy link
Author

arichiv commented Jul 19, 2023

Oh, and as for other approaches, the main existing one is sending an empty Accept-CH header like: Accept-CH: in the HTTP response. This violates the sf-list standard though, and gets confused if multiple Accept-CH headers are sent, so this replacement was proposed after discussion on WICG/client-hints-infrastructure#155 (comment)

@torgo
Copy link
Member

torgo commented Aug 3, 2023

Hi @arichiv – the proposal itself seems fine, when taken in the context of client hints.

A meta comment regarding client hints: in 2018, the TAG gave an initially positive review to the client hints design. However subsequently client hints has failed to garner multi-stakeholder support, specifically from other browsers. In more recent reviews, we have been flagging this and trying to advocate for multi-browser support (multiple implementations) as a key aspect of new features we want to add to the web. The TAG remains concerned that we are building new features and technologies on top of other features that do not enjoy multiple implementations and are not supported across multiple platforms.

@torgo torgo closed this as completed Aug 3, 2023
@torgo torgo added Missing: Multi-stakeholder support Lack of multi-stakeholder support Resolution: satisfied with concerns The TAG is satisfied with this work overall but requires changes Venue: WICG labels Aug 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Missing: Multi-stakeholder support Lack of multi-stakeholder support Resolution: satisfied with concerns The TAG is satisfied with this work overall but requires changes Topic: Client Hints Venue: WICG
Projects
None yet
Development

No branches or pull requests

3 participants