Bug 251094 - The Clear-Site-Data HTTP header should obey origin partition
Summary: The Clear-Site-Data HTTP header should obey origin partition
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 203215
  Show dependency treegraph
 
Reported: 2023-01-24 10:14 PST by Chris Dumez
Modified: 2023-01-26 20:50 PST (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2023-01-24 10:14:04 PST
The Clear-Site-Data HTTP header should obey origin partition. If shouldn't be possible for an iframe of origin A under top origin B to be able to clear site data from top origin A (and vice-versa).
Our storages are partitioned and the request to clear site data should respect that.
Comment 1 Chris Dumez 2023-01-24 10:18:13 PST
Pull request: https://github.com/WebKit/WebKit/pull/9053
Comment 2 EWS 2023-01-26 20:49:44 PST
Committed 259466@main (472954140c35): <https://commits.webkit.org/259466@main>

Reviewed commits have been landed. Closing PR #9053 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2023-01-26 20:50:19 PST
<rdar://problem/104727671>