[Webkit-unassigned] [Bug 158739] New: There is no way to store local data in cross-origin iframe

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 14 08:13:51 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=158739

            Bug ID: 158739
           Summary: There is no way to store local data in cross-origin
                    iframe
    Classification: Unclassified
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: All
                OS: Unspecified
            Status: NEW
          Severity: Major
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: adam at rigo.sk
                CC: cdumez at apple.com

If I want to open the storage (IndexedDB or WebSQL) from an embedded iframe (the origin differs), it throws an error:
SecurityError: DOM Exception 18: IDBFactory.open() called in an invalid security context

Also the localStorage is buggy in the cross-origin usecase. It's affected by the parent domain while it shouldn't be context (parent origin) aware.

Both APIs are violating the specs and they work in the other browsers (Chrome, IE, FF).

All the storage specs require exactly one "storage space" per origin. Zero (IndexedDB and WebSQL) and multiple (localStorage has one space per parent origin) are not allowed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160614/8bce710c/attachment.html>

More information about the webkit-unassigned mailing list