[Webkit-unassigned] [Bug 183517] New: Feature Request: Include IndexedDB into Storage Access API

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 9 09:43:14 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=183517

            Bug ID: 183517
           Summary: Feature Request: Include IndexedDB into Storage Access
                    API
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: stefan at sechel.de
                CC: wilander at apple.com

We develop a web app that handles sensitive user date. We have a security mechanism in place that is based on origin separation between frontend (top-level context) and data storage (iframe on a different origin via postMessage api). Currently we support Chrome and Firefox which allow for 3rd party storage access. 

We respect the policy of the WebKit team to protect the privacy of the user and prevent tracking by employing partitioning on all 3rd party storage systems. At the same time this is a blocker for us when implementing our system for Safari on Mac and iOS. The Storage Access API (https://github.com/whatwg/html/issues/3338) seems like the right idea if applied to all storage types, i.e., Cookies, LocalStorage, and IndexedDB.

As the discussion points in the direction of having no user interaction to grant the permission I wanted to stress that we are in favour of a system that goes along the lines of other permissions like camera or microphones, i.e., the user is prompted for consent via browser UI and the choice is persisted across browser sessions.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180309/e79ef74d/attachment-0001.html>


More information about the webkit-unassigned mailing list