request #12875: Clear all site data on users logout
This contribution uses the header Clear-Site-Data [0] to indicate to browsers that everything should be deleted when a user explicitly decides to log out. This improves both privacy and security.

The opportunity has also been taken to clean up the exception done in URLVerification for the logout URL.

[0] https://w3c.github.io/webappsec-clear-site-data/

Change-Id: I2cea80f2d47d79f9ce5283d57ba7e9f729a173f1
Modified Files
Status | Name | Added | Removed |
---|---|---|---|
M | src/common/Request/RouteCollector.php | +7 | −0 |
A | src/common/User/Account/LogoutController.php | +52 | −0 |
D | src/www/account/logout.php | +0 | −27 |
M | src/common/include/URLVerification.class.php | +1 | −9 |
M | src/www/themes/BurningParrot/templates/navbar/menu-item/menu-item-logout.mustache | +1 | −1 |
M | src/www/themes/FlamingParrot/templates/navbar-user-logged-in.mustache | +1 | −1 |
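
The logout behaviour described in the commit message, sketched as an added example: this is not the project's LogoutController and not code from this commit. The function names are hypothetical, and the `"*"` wildcard is an assumption based on the message saying "everything should be deleted".

```php
<?php
declare(strict_types=1);

// Added illustration, not the project's LogoutController. All names are hypothetical.

/** Data types defined by the Clear-Site-Data specification, plus the "*" wildcard. */
const CLEAR_SITE_DATA_TYPES = ['cache', 'cookies', 'storage', 'executionContexts', '*'];

/** Build the header value: a comma-separated list of double-quoted type names. */
function clearSiteDataValue(array $types): string
{
    if ($types === [] || array_diff($types, CLEAR_SITE_DATA_TYPES) !== []) {
        throw new InvalidArgumentException('Expected one or more known Clear-Site-Data types');
    }
    // The quotes are part of the syntax; an unquoted type name is not a valid value.
    return implode(', ', array_map(static fn (string $t): string => '"' . $t . '"', $types));
}

/** End the server-side session, then ask the browser to wipe what it holds for this origin. */
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Server-side invalidation comes first: a browser that ignores the header
    // (no support, or a response not served over HTTPS) must still end up logged out.
    $_SESSION = [];
    $cookie = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $cookie['path'],
        'domain'   => $cookie['domain'],
        'secure'   => $cookie['secure'],
        'httponly' => $cookie['httponly'],
        'samesite' => $cookie['samesite'] ?: 'Lax',
    ]);
    session_destroy();

    // "*" covers every data type; assumed here because the commit says "everything".
    header('Clear-Site-Data: ' . clearSiteDataValue(['*']));
}
```

The header only supplements server-side session destruction, which is why the session and its cookie are invalidated before the header is sent.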