[stable14] Remove cookies from Clear-Site-Data Header #12005

Merged: 1 commit, Oct 24, 2018
@iPaat (Member) commented Oct 24, 2018

Backport for: #11847


In 2f87fb6 this header was introduced. The referenced documentation says:

> When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).

This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!

So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.

Signed-off-by: Patrick Conrad <conrad@iza.org>
(cherry picked from commit 1806baa)

@MorrisJobke merged commit 751aa99 into nextcloud:stable14 Oct 24, 2018

@MorrisJobke mentioned this pull request Nov 13, 2018

@MorrisJobke mentioned this pull request Nov 22, 2018
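
An added illustration, not part of the pull request or Nextcloud's code: a small Python model of the scope described in the quoted documentation, showing which cookies in a constructed jar a `Clear-Site-Data` response would clear. The header values, the cookie jar and the two-label registrable-domain shortcut are assumptions (browsers use the Public Suffix List).

```python
# Added example. Header values and the cookie jar below are constructed.

def parse_clear_site_data(value):
    """Return the directives of a Clear-Site-Data header value, in order."""
    directives = []
    for item in value.split(","):
        item = item.strip()
        # Directives are double-quoted strings; anything else is ignored here.
        if len(item) >= 2 and item[0] == '"' and item[-1] == '"':
            directives.append(item[1:-1])
    return directives


def registrable_domain(host):
    # ASSUMPTION: the registered domain is the last two labels (true for
    # example.com). Real browsers consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def clears_cookies(value):
    """True if the header asks for cookie deletion ("cookies" or the "*" wildcard)."""
    directives = parse_clear_site_data(value)
    return "cookies" in directives or "*" in directives


def cookies_cleared(sender_host, header_value, jar):
    """Return the (host, name) entries of jar that the response would clear.

    Cookie clearing covers every origin in the sender's registered domain,
    not only the host that sent the header.
    """
    if not clears_cookies(header_value):
        return []
    site = registrable_domain(sender_host)
    return [(host, name) for host, name in jar if registrable_domain(host) == site]


# Constructed cookie jar: three hosts under example.com, one unrelated site.
JAR = [
    ("nextcloud.example.com", "session"),
    ("www.example.com", "shop_cart"),
    ("more.subdomains.example.com", "sso"),
    ("other.test", "pref"),
]

if __name__ == "__main__":
    for header in ('"cache", "cookies", "storage"', '"cache", "storage"'):
        print(header, "->", cookies_cleared("nextcloud.example.com", header, JAR))
```

With the `"cookies"` directive present, the response from `nextcloud.example.com` also removes the cookies of the sibling hosts; without it, no cookie is touched.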