Closed Bug 1470111 Opened 2 years ago Closed Last year

Enable Clear-Site-Data header by default

Categories

(Core :: DOM: Security, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
mozilla63
Tracking Status
relnote-firefox --- -
firefox63 --- fixed

People

(Reporter: baku, Assigned: baku)

References

Details

(Keywords: dev-doc-complete, Whiteboard: [domsecurity-backlog1] [domsecurity-active])

Attachments

(1 file)

This new feature is disabled by a pref: dom.clearSiteData.enabled.
Depends on: 1468501
Depends on: 1268889
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
I'm going to land the last remaining dependence today.
I'm also going to send a Intent to Ship email.
Assignee: nobody → amarchesini
Attachment #8993589 - Flags: review?(ckerschb)
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1] [domsecurity-active]
relnote-firefox: --- → ?
Comment on attachment 8993589 [details] [diff] [review]
clearSiteData.patch

Review of attachment 8993589 [details] [diff] [review]:
-----------------------------------------------------------------

ship it :-)
thanks, r=me
Attachment #8993589 - Flags: review?(ckerschb) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/62fd708ed9d9
Enable Clear-Site-Data header by default, r=ckerschb
[Why is this notable]: From the spec: "Developers may instruct a user agent to clear various types of relevant data by delivering a Clear-Site-Data HTTP response header in response to a request.". This is a powerful feature to expose and to describe to users. We are planning to write a blog post about it.
[Affects Firefox for Android]: supported
[Links (documentation, blog post, etc)]: https://w3c.github.io/webappsec-clear-site-data/
https://hg.mozilla.org/mozilla-central/rev/62fd708ed9d9
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
(In reply to Andrea Marchesini [:baku] from comment #4)
> [Why is this notable]: From the spec: "Developers may instruct a user agent
> to clear various types of relevant data by delivering a Clear-Site-Data HTTP
> response header in response to a request.". This is a powerful feature to
> expose and to describe to users. We are planning to write a blog post about
> it.
> [Affects Firefox for Android]: supported
> [Links (documentation, blog post, etc)]:
> https://w3c.github.io/webappsec-clear-site-data/

Andrea, am I understanding correctly that this is a feature targeting Web developers only? 

Usually our release notes target mostly our end-users and we have a link on these release notes to an MDN page which lists all the devtools and platform changes that target developers (will be https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63).

Did you mean to have this feature listed there or did you mean to have it listed in our general release notes (like https://www.mozilla.org/en-US/firefox/61.0a1/releasenotes)? If the former then the dev-doc-needed keyword is enough.

Thanks
Flags: needinfo?(amarchesini)
> Usually our release notes target mostly our end-users and we have a link on
> these release notes to an MDN page which lists all the devtools and platform
> changes that target developers (will be
> https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63).

I would like to have Clear-Site-Data listed here, yes.
This feature is something new that will be probably used by websites to have a better control of cache and storage data.
For give an example, gmail.com seems to use feature. It's important to communicate that firefox supports this feature since 63.
Unfortunately it's not an API. Maybe we should add this in 'security' or 'other' section.
Let's see what ckerschb says about it.
Flags: needinfo?(amarchesini) → needinfo?(ckerschb)
(In reply to Andrea Marchesini [:baku] from comment #7)
> > Usually our release notes target mostly our end-users and we have a link on
> > these release notes to an MDN page which lists all the devtools and platform
> > changes that target developers (will be
> > https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63).
> 
> I would like to have Clear-Site-Data listed here, yes.
> This feature is something new that will be probably used by websites to have
> a better control of cache and storage data.
> For give an example, gmail.com seems to use feature. It's important to
> communicate that firefox supports this feature since 63.
> Unfortunately it's not an API. Maybe we should add this in 'security' or
> 'other' section.
> Let's see what ckerschb says about it.

Yeah, I guess we should add it to the section 'Security' where we usually post updates regarding CSP, Mixed Content Blocking, or most recently the changes regarding the referrer policy (even though that was in the 'HTTP' section I just found out :-))

see: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/62
Flags: needinfo?(ckerschb)
Removing the relnote request as this will go on the MDN release page.
You need to log in before you can comment on or make changes to this bug.