[Webkit-unassigned] [Bug 158739] There is no way to store local data in cross-origin iframe

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 21 04:51:11 PDT 2016


--- Comment #2 from Adam Lippai <adam at rigo.sk> ---
In 2012 there were very few really client-side heavy apps and they had little or no shared resources. Now, more than four years later it should be reconsidered to finish the correct - but harder to implement - way.

E.g.: We want to implement a cookieless SSO (sessions) and Safari is the only browser where we have to share anything with the parent domain and do ugly redirections.

Other example: offline first websites / web apps, where you want to pass data between them (with no network interaction).

I couldn't find info on this, but I think https://bugs.webkit.org/show_bug.cgi?id=93390 was about Allowing this behavior and not defaulting to it. This piece of code wasn't revamped when the browser's  default behavior changed so it's missing at least a reconsideration.

Maybe the localStorage or this security model is Apple's sacred cow, but now there is no way to share resource - anything but cookie - in the shared iFrame. This behaviour would be acceptable only if not ALL the specs would go in the other direction. Also this will be an issue with future specs (think ServiceWorker, which is on the roadmap).

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160621/dada4323/attachment.html>

More information about the webkit-unassigned mailing list