[Webkit-unassigned] [Bug 158739] There is no way to store local data in cross-origin iframe
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 20 05:42:26 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=158739
--- Comment #4 from Stefan Sechelmann <stefan at sechel.de> ---
> Also this will be an issue with future specs (think ServiceWorker, which is on the roadmap).
ServiceWorkers have arrived and the issue unfolds further: Now it is possible to store data into, e.g., IndexedDB without any partitioning applied. The whole concept of partitioning is not well-defined anymore in a ServiceWorker environment since there is no enclosing context such as in the pure iframe case. So one could easily cook up an iframe that spawns a service worker and stores data regardless of the surrounding top-level context.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180220/ee091c3b/attachment-0001.html>
More information about the webkit-unassigned
mailing list