1193471 - Please restore functionality of window.crypto.logout

Status: RESOLVED WONTFIX

(Core :: Security: PSM, defect)

Description

[Daniel]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Build ID: 20150804131237

Steps to reproduce:

Call window.crypto.logout in javascript. 


Actual results:

Get the message that the this method is unsupported.


Expected results:

SSL Session is invalidated.

Comment 1

[Daniel]

"window.crypto.logout is not a function" is the error message.

Comment 2

[Daniel]

https://bugzilla.mozilla.org/show_bug.cgi?id=1030963 removed this functionality but without any alternative.

Comment 3

[Dirkjan Ochtman (:djc)]

Thanks for the report.

A bug is generally not the best place to have a discussion about this sort of thing. If you want to argue the case for window.crypto, I'd like to invite you to write to the dev-platform mailing list, here:

https://lists.mozilla.org/listinfo/dev-platform

and start a new thread about why you want window.crypto to keep working. I would advise you to take the original bug into account, explain your usage of this particular API and the use case that it served and that is no longer filling your needs.

Note that, given the nature of bug 1030963, it's probably not likely that this API will be reinstated permanently, but people can help you find better alternatives, how to implement your use case (possibly even by working with specifications groups to get your use case filled in), or even to delay the removal of this functionality to give you more time to implement a workaround.

Comment 4

[Dirkjan Ochtman (:djc)]

I'll also note that you're rather late in remarking this, given that the API was removed in Firefox 34 already. This probably makes the case for reinstating it even weaker.