[Webkit-unassigned] [Bug 158739] There is no way to store local data in cross-origin iframe

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 20 05:42:26 PST 2018


--- Comment #4 from Stefan Sechelmann <stefan at sechel.de> ---
> Also this will be an issue with future specs (think ServiceWorker, which is on the roadmap).

ServiceWorkers have arrived and the issue unfolds further: Now it is possible to store data into, e.g., IndexedDB without any partitioning applied. The whole concept of partitioning is not well-defined anymore in a ServiceWorker environment since there is no enclosing context such as in the pure iframe case. So one could easily cook up an iframe that spawns a service worker and stores data regardless of the surrounding top-level context.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180220/ee091c3b/attachment-0001.html>

More information about the webkit-unassigned mailing list