-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: add cookies.removeAll() method.md #690
base: main
Are you sure you want to change the base?
Conversation
Initial draft
#### Special cases: | ||
```cookies.removeAll({})``` | ||
|
||
>An empty details object will result in all cookies being removed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like some input on this. My thought was to keep the behavior the same between cookies.getAll
and this implementation but it might make sense to block it or direct developers to use the already existing browserData API
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Open to thoughts, but I'd prefer to make this an error. As you mentioned, there is already the browsingData API for this, and even just during development it would be frustrating to accidentally clear all cookies. This would also allow us to match the CookieDetails object from the remove() API where name
and url
are currently required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would also like you make {}
be an error. In Safari, we only return cookies you have host permissions for in getAll({})
, so that is what would be removed if we supported it with removeAll({})
. However, it does seem to be too much of a foot gun.
I think requiring one key is still useful and safe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This generally looks good, thanks! I left a couple of comments.
#### Special cases: | ||
```cookies.removeAll({})``` | ||
|
||
>An empty details object will result in all cookies being removed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Open to thoughts, but I'd prefer to make this an error. As you mentioned, there is already the browsingData API for this, and even just during development it would be frustrating to accidentally clear all cookies. This would also allow us to match the CookieDetails object from the remove() API where name
and url
are currently required.
### Behavior | ||
|
||
The API will remove all cookies that match the `details` object parameter with the exception of the cases outlined in the implementation details. | ||
If the extension does not have [host permissions](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#host_permissions) for this URL, the API call will fail. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we allow calling this API without a url
(see below) we should add a note here about the behavior if you only have some host permissions. Presumably, we would just remove the cookies for the sites you have access to.
Proposal introducing a new API cookies.removeAll()