[Webkit-unassigned] [Bug 45304] New: localStorage cross-domain sandbox with http / https urls
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 7 09:43:01 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=45304
Summary: localStorage cross-domain sandbox with http / https
urls
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
OS/Version: Mac OS X 10.6
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: spam-webkit at encodedrecords.com
Currently, window.localStorage.getItem(key) returns values of keys when browsing http://example.com -- however, going to https://example.com gives a cross-domain exception and the browser can't see keys that have been set on http://example.com .
In theory, this should work the same as cookies; non-secure cookies are able to be read on SSL-enabled pages, but not vice-versa. Similarly, non-secure key/value pairs should be able to be read (and modified) on SSL-enabled pages.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list