Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Clear-Site-Data header #5490

Merged
merged 1 commit into from Jun 29, 2017
Merged

Add Clear-Site-Data header #5490

merged 1 commit into from Jun 29, 2017

Conversation

LukasReschke
Copy link
Member

This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.

See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types. Requires Canary + Experimental Web Platform features but will soon be shipped in stable 🙏 – so let's try this in master :)

Ref https://twitter.com/mikewest/status/877149667909406723

Signed-off-by: Lukas Reschke lukas@statuscode.ch

@LukasReschke
Add Clear-Site-Data header
2f87fb6 
This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.

See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.

Ref https://twitter.com/mikewest/status/877149667909406723

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
@LukasReschke LukasReschke added this to the Nextcloud 13 milestone Jun 20, 2017
@codecov
Copy link

codecov bot commented Jun 20, 2017

Codecov Report

Merging #5490 into master will increase coverage by <.01%.
The diff coverage is 100%.

@@             Coverage Diff              @@
##             master    #5490      +/-   ##
============================================
+ Coverage     54.14%   54.14%   +<.01%     
  Complexity    22345    22345              
============================================
  Files          1380     1380              
  Lines         85551    85553       +2     
  Branches       1329     1329              
============================================
+ Hits          46323    46326       +3     
+ Misses        39228    39227       -1
Impacted Files Coverage Δ Complexity Δ
core/Controller/LoginController.php 77.27% <100%> (+0.34%) 38 <0> (ø) ⬇️
lib/private/Server.php 93.31% <0%> (-0.15%) 120% <0%> (ø)
lib/private/Security/CertificateManager.php 91.83% <0%> (+1.02%) 39% <0%> (ø) ⬇️
lib/private/Files/Cache/Propagator.php 96.2% <0%> (+1.26%) 16% <0%> (ø) ⬇️

@tobiasKaminsky
Copy link
Member

👍

rullzer
rullzer approved these changes Jun 29, 2017
View reviewed changes
Copy link
Member

@rullzer rullzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoohoo

@LukasReschke LukasReschke merged commit 57c5a15 into master Jun 29, 2017
@LukasReschke LukasReschke deleted the add-clear-site-data-header branch June 29, 2017 11:32
@staabm staabm mentioned this pull request Sep 18, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rullzer rullzer rullzer approved these changes

Assignees
No one assigned
Labels
3. to review Waiting for reviews enhancement security
Projects
No open projects
Security Hardenings
  
13.0
Milestone
Nextcloud 13
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@LukasReschke @tobiasKaminsky @rullzer