When user hits on login button the login request (ajax request to https://example.com/login) returning site following headers (Clear-Site-Data: "cache") but still getting cached response from the subsequent request.
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 08:27:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 433
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
X-DNS-Prefetch-Control: off
Expect-CT: max-age=0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
Referrer-Policy: no-referrer
X-XSS-Protection: 0
Access-Control-Allow-Origin: *
Clear-Site-Data: "cache"
ETag: W/"1b1-qSdkeWSPPEfc+zO3en4Zo/KFDzg"
also I can see below error in my console
Clear-Site-Data header on https://example.com/login: The request's credentials mode prohibits modifying cookies and other local data.
But seems like chrome has support for this header according to MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
Why the cache is not getting cleared ?
Am I doing anything incorrectly or is it a bug ?
Note: this is cross origin request
