Re: Proposal: a "clear site data" API.

On 12 June 2015 at 09:41, Mike West <mkwst@google.com> wrote:
> The spec does currently require HTTPS. I'm not sure we could reasonably
> relax that, for exactly the reasons you point to. It sounds like exactly the
> kind of API for which we'd want to require an authenticated and encrypted
> connection.

I actually think that having this on cleartext connections is a
benefit.  Unless there is persistent data that somehow prevents other
persistence from happening.  I'm not aware of any such feature.

Elsewhere, Henri Sivonen suggested that we make cookies on cleartext
origins less persistent by default.  This is seems consistent with
that philosophy.

Received on Friday, 12 June 2015 17:49:44 UTC