Merge pull request rails#54379 from byroot/revert-logout

byroot · web-flow · commit d5e4f2027779 · 2025-01-28T18:56:45.000+01:00
Revert "Clear-Site-Data in generated authentication code"
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
@@ -24,13 +24,6 @@
 
     *Petrik de Heus*
 
-*   The authentication generator's `SessionsController` sets the `Clear-Site-Data` header on logout.
-
-    By default the header will be set to `"cache","storage"` to help prevent data leakage after
-    logout via the browser's "back/forward cache".
-
-    *Mike Dalessio*
-
 *   Introduce `RAILS_MASTER_KEY` placeholder in generated ci.yml files
 
     *Steve Polito*
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/controllers/concerns/authentication.rb.tt
@@ -49,8 +49,4 @@ module Authentication
       Current.session.destroy
       cookies.delete(:session_id)
     end
-
-    def clear_site_data
-      response.headers["Clear-Site-Data"] = '"cache","storage"'
-    end
 end
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt
@@ -16,7 +16,6 @@ class SessionsController < ApplicationController
 
   def destroy
     terminate_session
-    clear_site_data
     redirect_to new_session_path
   end
 end
