In some cases, Forget About Site will not clear data across origin attributes
Categories
(Toolkit :: Data Sanitization, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox91 | --- | fixed |
People
(Reporter: johannh, Unassigned)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [fixed by Bug 1705028])
The "Forget about site" feature allows users to clear data by hostname, which is not fully supported by a couple of things, namely:
- Quota Storage
- Network Cache
- Image Cache
These rely very much on principals with OAs to be specified when clearing data, hence the Quota Storage cleaner uses a hacky mechanism for cleaning both the http and https variant of the specified host like this: https://searchfox.org/mozilla-central/rev/44a212460990ffffecf50a8e972d3cbde2e7216b/toolkit/components/cleardata/ClearDataService.jsm#340-345
It's not great, but at least it covers basic cleaning that 99% of our users would find sufficient. I will adopt the same technique for cache cleaners in bug 1532203.
The use case where this really leaks data is containers, though, because this code does not consider containers at all when clearing.
We should update the cleaners and potentially the platform code for these components to make sure they properly clean all containers.
|
||
Updated•4 years ago
|
|
|
||
Comment 1•4 years ago
|
||
We're adding deleteByBaseDomain for all cleaners which should clear data across all origin attributes.
|
|
||
Updated•3 years ago
|
|
|
||
Comment 2•3 years ago
|
||
(In reply to Paul Zühlcke [:pbz] from comment #1)
We're adding
deleteByBaseDomainfor all cleaners which should clear data across all origin attributes.
All cleaners have been updated to support deleteByBaseDomain and the "Forget about this site feature" now calls this method so I'm marking this bug as fixed.
Description
•