Closed Bug 1501695 Opened 2 years ago Closed 2 years ago
Clear-Site-Data storage directive does not clear Cache or service worker
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36 Steps to reproduce: I'm on the latest stable, 63 Setup the repro app: https://github.com/asakusuma/sw-clear-site-data/tree/firefox-bug * Navigate to http://localhost:3000 * Click "Register service worker" * Click "Popluate Cache" * Open devTools and verify that cache has been populated and service worker is registered * Refresh * Notice that the index.html response included Clear-Site-Data: "storage" Actual results: Cache is not cleared and service worker is still registered. Click "Read cache" and "log sw registration" and see console output to confirm. Expected results: Cache should be completely cleared and the service worker should be unregistered
Component: Security → DOM: Service Workers
Theoretically we should be clearing this. I haven't tried your STR yet, though. Needinfo so that we don't forget about it.
> * Navigate to http://localhost:3000 By spec, Clear-Site-Data works only with secure connections. If you use https it will work.
User agents are allowed to include localhost as a secure connection: https://w3c.github.io/webappsec-secure-contexts/#localhost It's difficult to test behavior if localhost is not supported. The service worker spec specifically notes that localhost can be included: https://www.w3.org/TR/service-workers-1/#secure-context Clear-Site-Data spec does not explicitly note that localhost can be included: https://www.w3.org/TR/clear-site-data/#incomplete So perhaps this is better classified as a feature request and not a bug.
(In reply to asa.kusuma from comment #3) > User agents are allowed to include localhost as a secure connection: > https://w3c.github.io/webappsec-secure-contexts/#localhost Yes you are right. I realized it when checking how to support localhost. /me working on it.
Assignee: nobody → amarchesini
Comment on attachment 9019984 [details] [diff] [review] clearSiteDataLocalhost.patch Review of attachment 9019984 [details] [diff] [review]: ----------------------------------------------------------------- yeah, that looks sane to me - thanks! ::: toolkit/components/clearsitedata/ClearSiteData.cpp @@ +207,5 @@ > + return; > + } > + > + nsCOMPtr<nsIContentSecurityManager> csm = > + do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); hah, I didn't know we an idl for the content security manager.
Attachment #9019984 - Flags: review?(ckerschb) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/0bc87bd86202 ClearSiteData should be enabled for localhost, r=ckerschb
Thanks for the quick fix!
You need to log in before you can comment on or make changes to this bug.