<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Sep 7, 2015 at 7:19 PM, Bram Pitoyo <span dir="ltr"><<a href="mailto:bram@mozilla.com" target="_blank">bram@mozilla.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div><div><div><div><div>Hi Gerv,<br><br></div>Some of us at the Privacy and Security team has been thinking of the same thing!<br><br></div>Instead of a per-site caching rule, we’d like to have it so that a site can say to any browser: “Please always open me in Private Browsing”, and the browser would respect that.<br><br>The end result is the same: confidential information is never recorded in the cache.<br></div><br>The user flow and interface can be seen here (graciously written by Francois):<br><a href="https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades" target="_blank">https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades</a><br><br></div>He also proposed it to the WebAppSec WG:<br><a href="https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/0016.html" target="_blank">https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/0016.html</a><br><br></div>Do we have a similar goal? Can we collaborate? Francois and Javaun are CCed on this email, and they can chime in.<br></div></blockquote><div><br></div><div>Without meaning to derail this thread (since this is all unrelated to PB!), Gecko's implementation of private browsing relies on being able to tell whether a page needs to be able to load in private mode before we do any of the work required to download and display it, so toggling the private mode of a page based on an HTTP header doesn't really play well with that, since we'd need to perform the initial network request before we see the HTTP header. Therefore, I don't really think we can implement what that wiki page suggests.<br><br>It would be nice if we get feedback on whether ideas around this are possible to implement before we suggest them on webappsec, I think. :-)<br><br></div><div>Cheers,<br></div><div>Ehsan<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote">On Tue, Sep 8, 2015 at 4:24 AM, Gervase Markham <span dir="ltr"><<a href="mailto:gerv@mozilla.org" target="_blank">gerv@mozilla.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 07/09/15 16:52, David Illsley wrote:<br>
> <a href="http://www.w3.org/TR/2015/WD-clear-site-data-20150804/" rel="noreferrer" target="_blank">http://www.w3.org/TR/2015/WD-clear-site-data-20150804/</a><br>
<br>
Wow. Seems like great minds think alike :-)<br>
<div><div><br>
Gerv<br>
_______________________________________________<br>
firefox-dev mailing list<br>
<a href="mailto:firefox-dev@mozilla.org" target="_blank">firefox-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/firefox-dev" rel="noreferrer" target="_blank">https://mail.mozilla.org/listinfo/firefox-dev</a><br>
</div></div></blockquote></div><br></div><div class="HOEnZb"><div class="h5">
</div></div><br>_______________________________________________<br>
firefox-dev mailing list<br>
<a href="mailto:firefox-dev@mozilla.org">firefox-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/firefox-dev" rel="noreferrer" target="_blank">https://mail.mozilla.org/listinfo/firefox-dev</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr">Ehsan<br></div></div>
</div></div>