Warm tip: This article is reproduced from stackoverflow.com, please click
browser-cache cache-control http http-headers clear-site-data

Expected behavior when Clear-Site-Data header is set?

发布于 2020-08-02 01:21:37

According to the docs:

Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website

Now trying it, you can see in the screenshot (Firefox v76) that in the Response section, Clear-Site-Data was set in the browser, but, you can still see the assets as "cached":

Note: Even after navigating back/forth after some time, the cached assets doesn't seem to get cleared.

enter image description here

I'm under the impression this will happen instantly but I can't get it to work. Is this suppose to happen instantly or after some time, or I am just missing some else?

Update for those who care:

Clear-Site-Data appears to only work on localhost or https

Questioner
IMB
Viewed
54
分享
Joe 2020-05-15 17:31

Is this suppose to happen instantly or after some time, or I am just missing some else?

It is supposed to happen instantly. The (draft) spec states:

If the Clear-Site-Data header is present in an HTTP response received from the network, then data MUST be cleared before rendering the response to the user.

Additionally, as you mention in this comment it is only supported when a request is secure (either https or localhost).

I prepared a simple test, with two resources:

  • index.html -- a page that links to a CSS file, and also accepts a ?clear query parameter to include a CSD header in the response
  • style.css -- a CSS page with random colours, to make clear when it has been regenerated, that declares itself as cacheable

This behaved as specified with Firefox 76.0.1; on receiving a resource with Clear-Site-Data: "cache", the cache is cleared before fetching its subresources.

Without Clear-Site-Data:

  • Fetch index.html by entering the URL and hitting Enter
  • Repeat this. Note that the referenced style.css is served from the cache, and the page colour doesn't change

With Clear-Site-Data:

  • Fetch index.html?clear by entering the URL and hitting Enter
  • Repeat this. Note that the referenced style.css is not served from the cache, and the page colour changes

Code:

#!/usr/bin/python3

import http.server
import socketserver

import random

PORT = 8000

class SampleDataHandler(http.server.SimpleHTTPRequestHandler):

    def do_GET(self):
        if ".css" in self.path:
            self.send_response(200)
            self.send_header('Content-Type', 'text/css')
            self.send_header('Cache-Control', 'max-age=3600')
            self.end_headers()
            color = b"%06x" % random.randint(0, 0xFFFFFF)
            self.wfile.write(b"html{background-color: " + color + b";}\n")
        else:
            self.send_response(200)
            if '?clear' in self.path:
                self.send_header('Clear-Site-Data', '"cache"')
            self.end_headers()
            self.wfile.write(b"<link rel=stylesheet href=style.css>This is the content.\n")


httpd = socketserver.TCPServer(("", PORT), SampleDataHandler)

httpd.serve_forever()
IMB 1970-01-01 08:00:00

Could it be due to the ?clear flag? because even without the Clear-Site-Data directive, any random ?string should clear the cache at least on your first visit. What happens if you repeatedly visit with ?clear flag? Also can you verify in the browser inspector if it's actually served from cache?

Joe 1970-01-01 08:00:00

Yes, the network tab confirms that it's served from the cache when no CSD header is sent. Note that it's the style.css that is (or isn't) served from the cache, not the initial index.html.

IMB 1970-01-01 08:00:00

I'm pretty much doing something similar (but in PHP). Mind if you send a screenshot of your browser inspector after visiting index.html?clear multiple times through a link that links index.html to itself? Note: hitting refresh appears to deliberately clear cache so it must come from a self link.

IMB 1970-01-01 08:00:00

I have finally found why I couldn't get it to work: Clear-Site-Data only works on localhost or https. I don't think this is "officially" documented. I've been testing it on a non-localhost Docker URL that's why it never worked. After testing on localhost I can verify CSD works instantly. Although I wasn't able to test your example, it still helped me in a way so I will accept it.

Joe 1970-01-01 08:00:00

Good find! This line appears to assert that in Firefox, and it's a no-op for a URI that's not considered "secure". It should probably be listed with Features restricted to secure contexts.

Related issues

1
Property header for firebase auth token api request to a custom server
2
How webpush work in TCP/IP network layers
3
Make http request like php form does using nodejs
4
What byte range 0- means
5
svelte/sapper
6
can firebase callable functions be used to build an API?
7
What's the difference between a POST and a PUT HTTP REQUEST?
8
Make a link use POST instead of GET
9
urllib2.HTTPError: HTTP Error 403: Forbidden
10
How best to respond to an open HTTP range request