Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clear-Site-Data integration is incorrect #93

Open
annevk opened this issue Dec 5, 2024 · 1 comment
Open

Clear-Site-Data integration is incorrect #93

annevk opened this issue Dec 5, 2024 · 1 comment
Labels
agenda+

Comments

@annevk
Copy link

annevk commented Dec 5, 2024

I was made aware of https://datatracker.ietf.org/doc/html/draft-cutler-httpbis-partitioned-cookies#name-partitioned-cookies-and-cle (is there a more recent document?) which seems quite wrong.

In particular the discussion in privacycg/storage-partitioning#11 ended up with the conclusion that Clear-Site-Data should not have the ability to clear beyond the partition of the site that emits it, which is not what this document is doing.

It also has rather undefined "top-document" terms that somehow support a same-site comparison. All of that ought to be cleaned up too.
@aselya
Copy link

aselya commented Jan 7, 2025

We would like to add a new section defining an algorithm for computing a response's cookie partition key, which would could also be the definition used for a corresponding request's key.

This new algorithm will address the creation of a new partitioned cookie when Set-Cookie contains Partitioned and provides a method for calculating the partition key needed for Clear-Site-Data.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
agenda+
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@annevk @johannhof @aselya