From 2f87fb6b456fd109c90a5093c31b7a3f62a32040 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Tue, 20 Jun 2017 19:46:10 +0200
Subject: Add Clear-Site-Data header

This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.

See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.

Ref https://twitter.com/mikewest/status/877149667909406723

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
---
 tests/Core/Controller/LoginControllerTest.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'tests')

diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index ca32a04efe1..bd2d0143caf 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -95,6 +95,7 @@ class LoginControllerTest extends TestCase {
 			->willReturn('/login');
 
 		$expected = new RedirectResponse('/login');
+		$expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
 		$this->assertEquals($expected, $this->loginController->logout());
 	}
 
@@ -124,6 +125,7 @@ class LoginControllerTest extends TestCase {
 			->willReturn('/login');
 
 		$expected = new RedirectResponse('/login');
+		$expected->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
 		$this->assertEquals($expected, $this->loginController->logout());
 	}
 
-- 
cgit v1.2.3