Copyright © 2023 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.
+Copyright © 2024 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.
This document defines an imperative mechanism which allows web developers to - - instruct a user agent to clear a site’s locally stored data related to a - host.
+instruct a user agent to clear a site’s locally stored data related to a +host.Resources from an origin are removed from the user agent’s local cache.
The Accept-CH cache for an origin is purged.
+The compression dictionaries for an origin is purged.
None of the above can be bypassed by a maliciously active document that retains interesting data in memory, and rewrites it if it’s cleared.
@@ -1026,7 +1080,7 @@Implementation details are in § 4.2.3 Clear cache for origin.
https://example.com/clear,
@@ -1051,8 +1105,8 @@ Clear-Site-Data: "cookies"
Note: Clearing cookies should also clear the Accept-CH cache for origin. This is because the cache is also cleared if the user - manually clears cookies.
+Note: Clearing cookies should also clear the Accept-CH cache and compression dictionaries for origin. This is because the cache + is also cleared if the user manually clears cookies.
storage"
The "storage" type indicates that the server wishes to remove
@@ -1088,6 +1142,19 @@
Note: The Accept-CH cache is also cleared for the cache and cookies options, so it should be used only when neither of the other options (or *) are applied.
+dictionaries"
+ The "dictionaries" type indicates that the server wishes clear the compression dictionaries for the origin of a particular response’s url.
https://example.com/clear,
+ the following header will cause the compression dictionaries for
+ origin https://example.com to be cleared:
+Clear-Site-Data: "dictionaries" ++
Note: The compression dictionaries is also cleared for the cache and cookies options, so it should be + used only when neither of the other options (or *) are + applied.
*"
The "*" (wildcard) pseudotype indicates that the server has the same
@@ -1098,7 +1165,7 @@
https://example.com to be cleared,
as well as execution contexts for the same origin to be neutered and
reloaded:
-Clear-Site-Data: "*" +Clear-Site-Data: "*"@@ -1114,17 +1181,17 @@- Note: Clearing cookies should also clear the [=Accept-CH cache=] for - origin. This is because the cache is also cleared if the user - manually clears cookies. + Note: Clearing cookies should also clear the [=Accept-CH cache=] and + [=compression dictionaries=] for origin. This is because the cache + is also cleared if the user manually clears cookies. : "`storage`" :: The "`storage`" type indicates that the server wishes to remove @@ -364,6 +368,26 @@3.1
Note: The syntax defined here is compatible with future extensions to this document which might add more granular filtering mechanisms to the types we’ve defined. For example, it’s likely that - "
cookies" will need to grow a mechanism to prevent deletion of specific cookie + "cookies" will need to grow a mechanism to prevent deletion of specific cookie values. Wrapping all of the type names in double-quotes means that we can easily shift from simple splitting-strings-on-commas processing to something more complicated (like processing the header value as JSON) without losing backwards compatibility.3.2. Fetch Integration
Monkey patching! Talk with Anne.
-If the
Clear-Site-Dataheader is present in an HTTP response received from the network, then data MUST be cleared before rendering the +If the
Clear-Site-Dataheader is present in an HTTP response received from the network, then data MUST be cleared before rendering the response to the user. That is, after step #14 in the current HTTP-network fetch algorithm, execute the following step:
- -
If credentials flag is set, and response’s header list contains a header named
Clear-Site-Data, then +If credentials flag is set, and response’s header list contains a header named
Clear-Site-Data, then execute § 4.2 Clear data for response on response.Note: This happens after
Set-Cookieheaders are @@ -1134,13 +1201,13 @@Set-Cookie header.
Note: If we clear the Accept-CH cache via the
Clear-Site-Dataheader then anyAccept-CHandCritical-CHheaders in the same request must be ignored.Note: While the fetch
credentials flagis intended to restrict the - modification of cookies,Clear-Site-Dataapplies the same restriction + modification of cookies,Clear-Site-Dataapplies the same restriction to all types for the sake of consistency.@@ -267,7 +271,7 @@ 4. Algorithms
4.1. Parsing
-Given a response, the user agent can parse response’s
+Clear-Site-Dataheader, returning a list of types, as follows:Given a response, the user agent can parse response’s
Clear-Site-Dataheader, returning a list of types, as follows:
Let types be an empty list.
@@ -1153,10 +1220,12 @@
- `
"cache"`- -
Append "cache" and "clientHints" to types.
+Append "cache" and "clientHints" and + "dictionaries" to types.
- `
"cookies"`- -
Append "cookies" and "clientHints" to types.
+Append "cookies" and "clientHints" and + "dictionaries" to types.
- `
"storage"`Append "storage" to types.
@@ -1166,10 +1235,14 @@`
"clientHints"`Append "clientHints" to types.
+- `
"dictionaries"` +- +
Append "dictionaries" to types.
- `
"*"`- -
Append "cache", "cookies", "storage", - "clientHints", and "executionContexts" to types.
+Append "cache", "cookies", "storage", + "clientHints", and "dictionaries", and + "executionContexts" to types.
Return types.
@@ -1177,15 +1250,15 @@Note: All of the existing values can be handled with the simple switch above. If and when more complex type definitions are created, the parser will likely shift over to JSON entirely.
4.2. Clear data for response
-Given a response (response), the user agent can clear site data for response as follows:
+Given a response (response), the user agent can clear site data for response as follows:
- -
If response’s url is not an a priori authenticated +
If response’s url is not an a priori authenticated URL, then break.
Let types be the result of parsing response’s
Clear-Site-Dataheader.- - +
Let browsing contexts be the result of preparing to clear data for origin and types.
@@ -1195,10 +1268,10 @@
Execute the first matching statement, if any, switching on type:
-
- "
cache" +- "
cache"- -
- "
cookies" +- "
cookies"- "
storage" @@ -1207,6 +1280,9 @@"
clientHints"Empty Accept-CH cache[origin].
+- "
dictionaries" +- +
Clear compression dictionaries for origin.
- @@ -1216,7 +1292,7 @@
4.2.1. Prepare to clear origin’s data
-Given an origin (origin) and a list of types (types), the user agent can prepare to clear origin’s data by executing +
Given an origin (origin) and a list of types (types), the user agent can prepare to clear origin’s data by executing the following steps. The algorithm returns a list of browsing contexts which have been sandboxed in order to prevent them from recreating cleared data from in-memory JavaScript variables.
@@ -1254,7 +1330,7 @@
4.2.3. Clear cache for origin
-Given an origin (origin), the user agent can clear cache for origin as follows:
+Given an origin (origin), the user agent can clear cache for origin as follows:
Let host be origin’s host.
@@ -1276,8 +1352,8 @@[STORAGE] will make this clearer?
4.2.4. Clear cookies for origin
-Given an origin (origin), the user agent can clear cookies for origin as follows:
-Note: We remove all the cookies for an entire registered domain, as cookies ignore the +
Given an origin (origin), the user agent can clear cookies for origin as follows:
+Note: We remove all the cookies for an entire registered domain, as cookies ignore the same-origin policy, and there’s a distinct risk that we’d leave applications in an ill-defined state if we only cleared cookies for a particular subdomain. Consider
accounts.google.comvsmail.google.com, for instance, both of which have cookies that signal a user’s signed-in status.Note: This algorithm assumes that the user agent has implemented a cookie store (as @@ -1285,7 +1361,7 @@
response's [=response/url=]. This includes the network cache, of course, but will also remove data from various other caches which a user agent implements (prerendered pages, script caches, shader - caches, [=Accept-CH cache=], etc.). + caches, [=Accept-CH cache=], [=compression dictionaries=], etc.). Implementation details are in [[#clear-cache]]. @@ -307,9 +311,9 @@
cookies options, so it should be used only when neither of the other options (or *) are applied. + : "`dictionaries`" + :: The "`dictionaries`" type indicates that the server wishes clear the + [=compression dictionaries=] for the origin of a particular + response's [=response/url=]. + +
+ When delivered with a response from `https://example.com/clear`, + the following header will cause the [=compression dictionaries=] for + origin `https://example.com` to be cleared: + ++ + Note: The [=compression dictionaries=] is also cleared for the + cache and cookies options, so it should be + used only when neither of the other options (or *) are + applied. + : "`*`" :: The "`*`" (wildcard) pseudotype indicates that the server has the same effect as specifying all types. @@ -451,18 +475,23 @@+ Clear-Site-Data: "dictionaries" ++Parsing
|type|: : \``"cache"`\` - :: Append "cache" and "clientHints" to |types|. + :: Append "cache" and "clientHints" and + "dictionaries" to |types|. : \``"cookies"`\` - :: Append "cookies" and "clientHints" to |types|. + :: Append "cookies" and "clientHints" and + "dictionaries" to |types|. : \``"storage"`\` :: Append "storage" to |types|. : \``"executionContexts"`\` :: Append "executionContexts" to |types|. : \``"clientHints"`\` :: Append "clientHints" to |types|. + : \``"dictionaries"`\` + :: Append "dictionaries" to |types|. : \``"*"`\` :: Append "cache", "cookies", "storage", - "clientHints", and "executionContexts" to |types|. + "clientHints", and "dictionaries", and + "executionContexts" to |types|. 5. Return |types|. @@ -501,6 +530,8 @@:: Clear DOM-accessible storage for |origin|. : "`clientHints`" :: [=list/Empty=] [=Accept-CH cache=][|origin|]. + : "`dictionaries`" + :: Clear [=compression dictionaries=] for |origin|. 6. If |types| contains "executionContexts", then Reload |browsing contexts|.