[Webkit-unassigned] [Bug 45304] New: localStorage cross-domain sandbox with http / https urls

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 7 09:43:01 PDT 2010


           Summary: localStorage cross-domain sandbox with http / https
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
        OS/Version: Mac OS X 10.6
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: spam-webkit at encodedrecords.com

Currently, window.localStorage.getItem(key) returns values of keys when browsing http://example.com -- however, going to https://example.com gives a cross-domain exception and the browser can't see keys that have been set on http://example.com .

In theory, this should work the same as cookies; non-secure cookies are able to be read on SSL-enabled pages, but not vice-versa.  Similarly, non-secure key/value pairs should be able to be read (and modified) on SSL-enabled pages.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list