1838506 - [meta] Implement Clear-Site-Data: cache

Status: NEW

(Toolkit :: Data Sanitization, enhancement)

Description

[Simon Pieters [:zcorpan]]

In https://bugzilla.mozilla.org/show_bug.cgi?id=1671182 "cache" was unshipped. It has been supported in Chrome since v61 and is supported in Safari TP (but not yet shipped even though it was originally mentioned in the release notes for Safari 16.4).

"cache" should also prevent bfcache, so that banks can use it as a reliable cross-browser mechanism to avoid bfcache. See https://github.com/whatwg/html/issues/5880#issuecomment-1591795664

Comment 1

[Simon Pieters [:zcorpan]]

This is assuming https://github.com/privacycg/storage-partitioning/issues/11 is resolved, otherwise we should instead see if "cache" can be removed from other browsers and we can try to solve the bfcache opt-out in a different way.

Comment 2

[Andrew Sutherland [:asuth] (he/him)]

Given that ClearSiteData.cpp lives in Toolkit :: Data Sanitization and the semantics around "cache" does not actually seem relate to storage[1], I am moving this to that component. That said, at a high level this is probably a cross-cutting concern and in particular I could see an implementation for this needing to ask the CanonicalBrowsingContexts and/or ContentParents for help to relay the clearing request.

1: There is some discussion in https://github.com/privacycg/storage-partitioning/issues/11 that does mention storage shelves and the storage key, but that is because the issue in general is discussing clear-site-data as a whole, not just the "cache" directive. My understanding is that "cache" explicitly relates to caches built using the network partition key or at least not built using the storage key.

Comment 3

[Benjamin VanderSloot [:bvandersloot]]

https://github.com/privacycg/storage-partitioning/issues/11 has been left open without any further work toward agreement. I'm surprised that Safari shipped it because when we un-shipped it, they had not and we had raised issues with it being underspecified and having privacy issues. There are also no WPT for "cache" in the clear-site-data folder.

On the upside, it would be simple to restore our implementation of it. Bug 1821651 actually removed the pref'd off behavior.

On the downside, I don't think our implementation never included the bfcache.
I don't see any direct clearing of the bfcache via our ClearDataService, however we do seem to disable the back and forward buttons from the UI when the ClearDataService is run with the Ci.nsIClearDataService.CLEAR_SESSION_HISTORY flag.

Comment 4

[Manuel Bucher [:manuel]]

This is a two-step process:

1. re-land previous implementation (networking cache, it likely addressed https://github.com/privacycg/storage-partitioning/issues/11, need to verify that)
2. implement bf-cache clearing. This depends on SHIP (Session History In Parent) being enabled all platforms. This is planned to land soon, likely tracked in Bug 1736121.

Comment 5

[Manuel Bucher [:manuel]]

Clear-Site: cache

• disabled in Bug 1671182.
• Code removed in Bug 1821651

The concerns for issue 11 were likely addressed by Bug 1685355.

Bug 1744611 was closed as WONTFIX due to disabling the feature, but needs attention again.

Bug 1730197 should probably also get some attention before enabling Clear-Site: cache again