w3c / webappsec-clear-site-data

WebAppSec Clear Site Data
https://w3c.github.io/webappsec-clear-site-data/

Ability to clear specific Storage Buckets via Clear-Site-Data #61

Open asutherland opened 5 years ago

asutherland commented 5 years ago

We're working towards adding multiple storage buckets per origin at https://github.com/whatwg/storage/issues/2. The idea behind storage buckets is that they constitute separate groups of atomically evictable storage. So, sub-partitions of the current "storage" type. Each bucket would have a name that is not displayed to the user (there is a separate "title" for that). The name could be constrained to only ASCII values.

It's not immediately clear what the syntax would be for the HTTP header to identify a specific storage bucket for clearing. Reading https://w3c.github.io/webappsec-clear-site-data/#header and https://w3c.github.io/webappsec-clear-site-data/#parsing there is no prior art in the spec. https://httpwg.org/http-extensions/draft-ietf-httpbis-header-structure.html#list suggests inner lists might work? So `Clear-Site-Data: ("storage" "bucket1"), "cookies"` would clear bucket1 and cookies. The other alternative would seem to be using a prefix within the existing string list, so `Clear-Site-Data: "storage:bucket1", "cookies"` would accomplish the same thing.

What would be the right course of action to evolve Clear-Site-Data to support buckets as they move forward with standardization?
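The two candidate syntaxes from the comment above, parsed into the same list of (type, bucket) targets. This is an added example, not part of the original comment and not code from the spec or any browser. It assumes a simplified grammar (quoted strings without escapes, no parameters), an inner list of exactly one type and one bucket name, and ASCII-only bucket names; `parse_clear_site_data` is a hypothetical name.

```python
import re

# Constructed header values: the two candidate syntaxes from the comment above.
INNER_LIST = '("storage" "bucket1"), "cookies"'
PREFIXED = '"storage:bucket1", "cookies"'

# Simplified grammar (assumption): quoted strings without escapes, no parameters.
_MEMBER = re.compile(r'\s*(?:\(([^()]*)\)|"([^"\\]*)")\s*(,|$)')
_INNER = re.compile(r'\s*"([^"\\]*)"\s+"([^"\\]*)"\s*')


def parse_clear_site_data(value):
    """Return [(type, bucket_or_None), ...] for either candidate syntax."""
    targets, pos = [], 0
    while True:
        m = _MEMBER.match(value, pos)
        if not m:
            raise ValueError(f"malformed list member at offset {pos}")
        inner, single, delim = m.groups()
        if inner is not None:
            # Inner-list form: ("type" "bucket")
            pair = _INNER.fullmatch(inner)
            if not pair:
                raise ValueError(f"expected (type bucket), got ({inner})")
            kind, bucket = pair.groups()
        else:
            # Prefix form: "type:bucket"; a plain "type" carries no bucket.
            kind, sep, bucket = single.partition(":")
            if not sep:
                bucket = None
        # Bucket names are assumed to be non-empty printable ASCII.
        if bucket is not None and not (
            bucket and bucket.isascii() and bucket.isprintable()
        ):
            raise ValueError(f"invalid bucket name {bucket!r}")
        targets.append((kind, bucket))
        if delim == "":
            return targets
        pos = m.end()


if __name__ == "__main__":
    for header in (INNER_LIST, PREFIXED):
        print(header, "->", parse_clear_site_data(header))
```
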

annevk commented 5 years ago

(One way to go here might be to make the Storage Standard own this header as well so they can evolve together more easily.)