Revert "Merge pull request rails#54230 from flavorjones/flavorjones-clear-site-data-on-logout"

byroot · byroot · commit 8d3ab6713fa9 · 2025-01-28T18:55:18.000+01:00
This reverts commit 2fe5f62, reversing changes made to d1f5753. Fix: rails#5437 `Clear-Site-Data` can cause Google Chrome to lock up for upwards of 20 seconds. Ref: https://issues.chromium.org/issues/41343050 Given this issue doesn't seem likely to be fixed by Chrome soon, and given Chrome current market share, that seem like a big footgun for users.
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
@@ -24,13 +24,6 @@
 
     *Petrik de Heus*
 
-*   The authentication generator's `SessionsController` sets the `Clear-Site-Data` header on logout.
-
-    By default the header will be set to `"cache","storage"` to help prevent data leakage after
-    logout via the browser's "back/forward cache".
-
-    *Mike Dalessio*
-
 *   Introduce `RAILS_MASTER_KEY` placeholder in generated ci.yml files
 
     *Steve Polito*
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt
@@ -49,8 +49,4 @@ module Authentication
       Current.session.destroy
       cookies.delete(:session_id)
     end
-
-    def clear_site_data
-      response.headers["Clear-Site-Data"] = '"cache","storage"'
-    end
 end
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt
@@ -16,7 +16,6 @@ class SessionsController < ApplicationController
 
   def destroy
     terminate_session
-    clear_site_data
     redirect_to new_session_path
   end
 end
