[Webkit-unassigned] [Bug 168631] Feature Request: Make partitioned localStorage persistent

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 23 03:27:02 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=168631

--- Comment #19 from Malte Ubl <malteubl at google.com> ---
This sounds right. I believe #1 is not quite correct, as under default setting IndexedDB throws while localStorage uses transient storage.

The AMP case you describe is a bit different: We serve content from its own origin. Google.com is only a container, so this is a standard application of the primary security primitive of the web (the origin model). We'd like to avoid exposing user data to google.com where we can. Persistent partitioned storage would help with that. Imagine you'd build a web browser (like Safari) and you could avoid that the browser (as opposed to the rendering engine) could ever read user data. Would you take that chance of extra security? Browsers other than Safari currently do provide web developers with a device to implement such a security model.

I think a good summary is:

We'd like to get persistent 1p-partitioned storage. Since the data is partitioned by "websites I visit" this seems to be in line with the default storage setting in Safari.  

If your interpretation is that under this setting all storage, including partitioned storage should be blocked, I'd suggest to close this ticket as working and intended and to

- document the behavior
- emit a warning on storage access for localStorage (which doesn't throw; I assume for webcompat reasons), so that developers are informed that Safari is violating the spec on purpose.
- consider to file a ticket under https://github.com/WICG/interventions

This ticket was already a big step forward for web developers as there appears to be at least one non-anecdotal source of information now for what the intended behavior of Safari is.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170423/3e9d0ba7/attachment.html>


More information about the webkit-unassigned mailing list