Intent to Prototype & Ship: Clear Client Hints via Clear-Site-Data header

158 views
Skip to first unread message

Ari Chivukula

unread,
Jul 17, 2023, 4:39:49 PM7/17/23
to blink-dev
Updating subject to reflect intent.

~ Ari Chivukula (Their/There/They're)

On Mon, Jul 17, 2023, 14:35 Ari Chivukula <ari...@chromium.org> wrote:

Contact emails

ari...@chromium.org, mike...@chromium.org, yoav...@chromium.org


Specification

https://w3c.github.io/webappsec-clear-site-data/


Summary

Websites will now be able to clear the client hints cache using `Clear-Site-Data: “clientHints”`. Client hints will also now be cleared when “cookies”, “cache”, or “*” are targeted by the same header. This is because if the user clears cookies in the UI client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets respectively.


Blink component

Blink>Network>ClientHints


Motivation

The only current way for a website to force the client hint cache to be cleared is to send a single header like `Accept-CH:` with no content. If any other `Accept-CH:` headers are sent at all (empty or not) this will cause all of them to be ignored. If the `Accept-CH` header is injected into an HTTP response at multiple points, it can be difficult to silence them all when one part of the server wishes to clear all hints. This header provides a way to do that, as the `Clear-Site-Data: “clientHints”` header clears the cache and causes all other `Accept-Ch` or `Critical-CH` headers to be ignored.


TAG review

https://github.com/w3ctag/design-reviews/issues/871


Compatibility & Interoperability

We would be the first to implement if approved.


Gecko: https://github.com/mozilla/standards-positions/issues/848


WebKit: https://github.com/WebKit/standards-positions/issues/230


Web Developers: Requested by Akamai


Is this feature fully tested by web-platform-tests?

https://wpt.fyi/results/client-hints/clear-site-data?label=experimental&label=master&aligned


Tracking bug

https://crbug.com/1458394


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5105030738214912


Rick Byers

unread,
Jul 18, 2023, 2:00:55 PM7/18/23
to Ari Chivukula, blink-dev
Seems like a pretty minor and straightforward addition to an already shipped feature to me. LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DKYg7BhzS4zACkGB8AyqRe3Q3_6ZZaN7ohCbbOAhJD%3DoQ%40mail.gmail.com.

Ari Chivukula

unread,
Jul 24, 2023, 5:48:53 AM7/24/23
to Rick Byers, blink-dev
Wanted to bump review for this, thanks!

~ Ari Chivukula (Their/There/They're)

Daniel Bratell

unread,
Aug 1, 2023, 8:47:28 AM8/1/23
to Ari Chivukula, Rick Byers, blink-dev

LGTM2

/Daniel

Chris Harrelson

unread,
Aug 3, 2023, 10:10:57 AM8/3/23
to Daniel Bratell, Ari Chivukula, Rick Byers, blink-dev
LGTM3

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ba57317a-d51a-034a-8e08-143ce9d5f550%40gmail.com.
Reply all
Reply to author
Forward
0 new messages