[Webkit-unassigned] [Bug 168631] Feature Request: Make partitioned localStorage persistent
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 21 13:44:36 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=168631
--- Comment #12 from Malte Ubl <malteubl at google.com> ---
In the current state, the 1p can store data on behalf on the 3p. Storage-wise this achieves the same semantics as partitioned storage.
Something like this on the 1p:
onmessage = e => {
if (e.data.type == 'set-localstorage')
localStorage.setItem(e.origin + ':' + e.data.key, e.data.value);
else if (e.data.type == 'get-localstorage')
localStorage.setItem(e.origin + ':' + e.data.key);
}
Of course, this requires cooperation of 1p and 3p, but especially in the ads case, 3ps often get to run script on the 1p, so they can set up the above without **real** cooperation.
If you'd like to maintain the current state of requiring 1p cooperation for storage in 3p context, this could be achieved by adding an opt-in attribute similar to allowfullscreen (e.g. allowstorage). That would maintain the exact same user and storage controls as today, but would not incentivize ads to run code in 1p context (which I think everyone would agree would be a great change).
Our primary motivation is that we'd like to avoid leaking data from the 3p to the 1p for increased privacy of our users.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170421/1b24abaf/attachment-0001.html>
More information about the webkit-unassigned
mailing list