[Webkit-unassigned] [Bug 168631] Feature Request: Make partitioned localStorage persistent

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 21 13:44:36 PDT 2017


--- Comment #12 from Malte Ubl <malteubl at google.com> ---
In the current state, the 1p can store data on behalf on the 3p. Storage-wise this achieves the same semantics as partitioned storage.

Something like this on the 1p:

onmessage = e => {
  if (e.data.type == 'set-localstorage')
    localStorage.setItem(e.origin + ':' + e.data.key, e.data.value);
  else if (e.data.type == 'get-localstorage')
    localStorage.setItem(e.origin + ':' + e.data.key);

Of course, this requires cooperation of 1p and 3p, but especially in the ads case, 3ps often get to run script on the 1p, so they can set up the above without **real** cooperation.

If you'd like to maintain the current state of requiring 1p cooperation for storage in 3p context, this could be achieved by adding an opt-in attribute similar to allowfullscreen (e.g. allowstorage). That would maintain the exact same user and storage controls as today, but would not incentivize ads to run code in 1p context (which I think everyone would agree would be a great change).

Our primary motivation is that we'd like to avoid leaking data from the 3p to the 1p for increased privacy of our users.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170421/1b24abaf/attachment-0001.html>

More information about the webkit-unassigned mailing list