Closed
Bug 1470111
Opened 6 years ago
Closed 6 years ago
Enable Clear-Site-Data header by default
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla63
People
(Reporter: baku, Assigned: baku)
References
Details
(Keywords: dev-doc-complete, Whiteboard: [domsecurity-backlog1] [domsecurity-active])
Attachments
(1 file)
1.03 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
This new feature is disabled by a pref: dom.clearSiteData.enabled.
Updated•6 years ago
|
Updated•6 years ago
|
Keywords: dev-doc-needed
Assignee | ||
Comment 1•6 years ago
|
||
I'm going to land the last remaining dependence today. I'm also going to send a Intent to Ship email.
Assignee: nobody → amarchesini
Assignee | ||
Updated•6 years ago
|
Attachment #8993589 -
Flags: review?(ckerschb)
Assignee | ||
Updated•6 years ago
|
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1] [domsecurity-active]
Assignee | ||
Updated•6 years ago
|
relnote-firefox:
--- → ?
Comment 2•6 years ago
|
||
Comment on attachment 8993589 [details] [diff] [review] clearSiteData.patch Review of attachment 8993589 [details] [diff] [review]: ----------------------------------------------------------------- ship it :-) thanks, r=me
Attachment #8993589 -
Flags: review?(ckerschb) → review+
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/62fd708ed9d9 Enable Clear-Site-Data header by default, r=ckerschb
Assignee | ||
Comment 4•6 years ago
|
||
[Why is this notable]: From the spec: "Developers may instruct a user agent to clear various types of relevant data by delivering a Clear-Site-Data HTTP response header in response to a request.". This is a powerful feature to expose and to describe to users. We are planning to write a blog post about it. [Affects Firefox for Android]: supported [Links (documentation, blog post, etc)]: https://w3c.github.io/webappsec-clear-site-data/
Comment 5•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/62fd708ed9d9
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Comment 6•6 years ago
|
||
(In reply to Andrea Marchesini [:baku] from comment #4) > [Why is this notable]: From the spec: "Developers may instruct a user agent > to clear various types of relevant data by delivering a Clear-Site-Data HTTP > response header in response to a request.". This is a powerful feature to > expose and to describe to users. We are planning to write a blog post about > it. > [Affects Firefox for Android]: supported > [Links (documentation, blog post, etc)]: > https://w3c.github.io/webappsec-clear-site-data/ Andrea, am I understanding correctly that this is a feature targeting Web developers only? Usually our release notes target mostly our end-users and we have a link on these release notes to an MDN page which lists all the devtools and platform changes that target developers (will be https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63). Did you mean to have this feature listed there or did you mean to have it listed in our general release notes (like https://www.mozilla.org/en-US/firefox/61.0a1/releasenotes)? If the former then the dev-doc-needed keyword is enough. Thanks
Flags: needinfo?(amarchesini)
Assignee | ||
Comment 7•6 years ago
|
||
> Usually our release notes target mostly our end-users and we have a link on
> these release notes to an MDN page which lists all the devtools and platform
> changes that target developers (will be
> https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63).
I would like to have Clear-Site-Data listed here, yes.
This feature is something new that will be probably used by websites to have a better control of cache and storage data.
For give an example, gmail.com seems to use feature. It's important to communicate that firefox supports this feature since 63.
Unfortunately it's not an API. Maybe we should add this in 'security' or 'other' section.
Let's see what ckerschb says about it.
Flags: needinfo?(amarchesini) → needinfo?(ckerschb)
Comment 8•6 years ago
|
||
(In reply to Andrea Marchesini [:baku] from comment #7) > > Usually our release notes target mostly our end-users and we have a link on > > these release notes to an MDN page which lists all the devtools and platform > > changes that target developers (will be > > https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63). > > I would like to have Clear-Site-Data listed here, yes. > This feature is something new that will be probably used by websites to have > a better control of cache and storage data. > For give an example, gmail.com seems to use feature. It's important to > communicate that firefox supports this feature since 63. > Unfortunately it's not an API. Maybe we should add this in 'security' or > 'other' section. > Let's see what ckerschb says about it. Yeah, I guess we should add it to the section 'Security' where we usually post updates regarding CSP, Mixed Content Blocking, or most recently the changes regarding the referrer policy (even though that was in the 'HTTP' section I just found out :-)) see: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/62
Flags: needinfo?(ckerschb)
Comment 10•6 years ago
|
||
Updated: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data Added to: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63#HTTP
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•