251094 – The Clear-Site-Data HTTP header should obey origin partition

RESOLVED FIXED 251094

The Clear-Site-Data HTTP header should obey origin partition

https://bugs.webkit.org/show_bug.cgi?id=251094

Summary The Clear-Site-Data HTTP header should obey origin partition

Chris Dumez

Reported 2023-01-24 10:14:04 PST

The Clear-Site-Data HTTP header should obey origin partition. If shouldn't be possible for an iframe of origin A under top origin B to be able to clear site data from top origin A (and vice-versa). Our storages are partitioned and the request to clear site data should respect that.

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2023-01-24 10:18:13 PST

Pull request: https://github.com/WebKit/WebKit/pull/9053

EWS

Comment 2 2023-01-26 20:49:44 PST

Committed 259466@main (472954140c35): <https://commits.webkit.org/259466@main> Reviewed commits have been landed. Closing PR #9053 and removing active labels.

Radar WebKit Bug Importer

Comment 3 2023-01-26 20:50:19 PST

<rdar://problem/104727671>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit2

Assignee

Chris Dumez

Reported

2023-01-24 10:14 PST

Modified

2023-01-26 20:50 PST History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks

203215

Dependencies

tree graph