Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #12875 Clear all site data on users logout
    Actions
    Infos
    #12875
    Thomas Gerbet (tgerbet)
    2019-01-30 17:56
    2019-01-29 15:02
    13732
    Details
    Clear all site data on users logout
    Some browsers (at least Chrome and Firefox) supports a header called Clear-Site-Data [0]. When sent, this header tells to the browser to delete information like caches, cookies, local storage...
    This is interesting for at least two reasons:
    * it makes sure that everything that could possibly be done to preserve user's privacy is done
    * it can helps mitigate security issues where malicious users has successfully injected code by making it harder to persist the attack





    [0] https://w3c.github.io/webappsec-clear-site-data/
    Other
    Empty
    Empty
    • [ ] enhancement
    • [x] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2019-01-30
    Attachments
    Empty
    References
    Referencing request #12875

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/54/13854/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 528865fb0c
    User avatar Nicolas Terray (nterray) , 2019-01-30 09:09
    request #12875: Clear all site data on users logout 382a042c76
    User avatar Thomas Gerbet (tgerbet) , 2019-01-29 15:41
    Do not instruct browsers to clear cookies with Clear-Site-Data header on logout 488a43439e
    User avatar Thomas Gerbet (tgerbet) , 2019-01-30 15:47
    Referenced by request #12875

    Artifact Tracker v5

    rel #12559 10.10

    Other

    gerrit #13854
    gerrit #13876
    Display settings

    Follow-ups