[mediacapture-main] deviceId and Clear-Site-Data (#836) from Dominique Hazael-Massieux via GitHub on 2021-12-08 (public-webrtc-logs@w3.org from December 2021)

From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
Date: Wed, 08 Dec 2021 08:41:47 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-1074151124-1638952906-sysbot+gh@w3.org>

dontcallmedom has just created a new issue for https://github.com/w3c/mediacapture-main:

== deviceId and Clear-Site-Data ==
The spec requires that
> User Agents MUST rotate per-origin device identifiers when other persistent storage are cleared

One of the mechanisms that exist to clear persistent storage is the [`Clear-Site-Data` header](https://w3c.github.io/webappsec-clear-site-data/).

As far as I can tell, neither Chrome nor Firefox rotate `deviceId` when they encounter that header - I have a [test that shows it for the `cookies` value of the header](https://github.com/web-platform-tests/wpt/pull/31937/commits/ab9a7becfb4fe8197805f1f49499b9b37c320715), but I've verified that it remains true for `*`. (Safari doesn't implement that header).

I think it would be useful to confirm or infirm whether `Clear-Site-Data` is expected to impact `deviceId` rotation (I would argue the current wording implies that it is expected), and if so, to specify under what bucket of the header (I could imagine either `cookies` or `storage`).


Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/836 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 8 December 2021 08:41:51 UTC