[w3ctag/design-reviews] [FYI] Clear Client Hints via Clear-Site-Data header (Issue #871)

Hello TAG-san!

I'm requesting a TAG review of Clear Client Hints via Clear-Site-Data header.

Websites will now be able to clear the client hints cache using `Clear-Site-Data: "clientHints"`. Client hints will also now be cleared when "cookies", "cache", or "*" are targeted by the same header. This is because if the user clears cookies in the UI, client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets, respectively.

  - Specification URL: https://w3c.github.io/webappsec-clear-site-data/
  - Tests: https://wpt.fyi/results/client-hints/clear-site-data?label=experimental&label=master&aligned
  - GitHub repo (if you prefer feedback filed there): https://github.com/w3c/webappsec-clear-site-data/issues/new
  - Primary contacts (and their relationship to the specification):
      - @arichiv, Google
  - Organization(s)/project(s) driving the specification: Chromium
  - Key pieces of existing multi-stakeholder review or discussion of this specification:
    - MOZILLA TBD
    - WEBKIT TBD
  - External status/issue trackers for this specification (publicly visible, e.g. Chrome Status):
    - FEATURE TBD
    - BLINK-DEV TBD
    - https://crbug.com/1458394

Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - Relevant time constraints or deadlines: Chrome M117 branch cut is August 8, 2023

You should also know that...

The only current way for a website to force the client hint cache to be cleared is to send a single header like `Accept-CH:` with no content. If any other `Accept-CH:` headers are sent at all (empty or not) this will cause all of them to be ignored. If the `Accept-CH` header is injected into an HTTP response at multiple points, it can be difficult to silence them all when one part of the server wishes to clear all hints. This header provides a way to do that, as the `Clear-Site-Data: "clientHints"` header clears the cache and causes all other `Accept-CH` or `Critical-CH` headers to be ignored.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/871

Message ID: <w3ctag/design-reviews/issues/871@github.com>

Received on Monday, 17 July 2023 18:13:38 UTC
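
The header interaction described in the message above can be checked on the server side before a response ships. The following is an added example, not code from the issue or from Chromium: it audits one response's headers for whether client hints would be cleared and which `Accept-CH`/`Critical-CH` headers would be ignored. The function names, the exact-match comparison of directive names, and the sample response are assumptions.

```javascript
// Added example; models only the behaviour described in the message above.
// Directive names are compared exactly (case-sensitive), which is an assumption.
const CLEARS_CLIENT_HINTS = new Set(["clientHints", "cookies", "cache", "*"]);
const HINT_HEADERS = ["accept-ch", "critical-ch"];

// Clear-Site-Data is a comma-separated list of double-quoted strings.
// Tokens that are unquoted or use typographic quotes are reported as malformed.
function parseClearSiteData(values) {
  const directives = [];
  const malformed = [];
  for (const value of values) {
    for (const raw of value.split(",")) {
      const token = raw.trim();
      if (token === "") continue;
      const match = /^"([^"]*)"$/.exec(token);
      if (match) directives.push(match[1]);
      else malformed.push(token);
    }
  }
  return { directives, malformed };
}

// headers: [name, value] pairs from one HTTP response, in the order sent.
function auditClientHintHeaders(headers) {
  const lower = headers.map(([name, value]) => [name.toLowerCase(), value]);
  const csd = lower.filter(([n]) => n === "clear-site-data").map(([, v]) => v);
  const { directives, malformed } = parseClearSiteData(csd);
  const explicit = directives.includes("clientHints");
  return {
    clearsClientHints: directives.some((d) => CLEARS_CLIENT_HINTS.has(d)),
    // The message states this only for the "clientHints" target.
    ignoredHeaders: explicit
      ? lower.filter(([n]) => HINT_HEADERS.includes(n)).map(([n, v]) => `${n}: ${v}`)
      : [],
    malformed,
  };
}

// Constructed sample: Accept-CH injected at two points, plus a clearing header.
const sampleResponse = [
  ["Accept-CH", "Sec-CH-UA-Platform-Version"],
  ["Accept-CH", "Sec-CH-UA-Model"],
  ["Critical-CH", "Sec-CH-UA-Model"],
  ["Clear-Site-Data", '"clientHints"'],
];
console.log(auditClientHintHeaders(sampleResponse));
```

A non-empty `malformed` list is worth failing a deployment check on, since a directive pasted with typographic quotes is not a quoted string and would not be recognized as a target.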