[Webkit-unassigned] [Bug 183517] New: Feature Request: Include IndexedDB into Storage Access API
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 9 09:43:14 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=183517
Bug ID: 183517
Summary: Feature Request: Include IndexedDB into Storage Access
API
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: stefan at sechel.de
CC: wilander at apple.com
We develop a web app that handles sensitive user date. We have a security mechanism in place that is based on origin separation between frontend (top-level context) and data storage (iframe on a different origin via postMessage api). Currently we support Chrome and Firefox which allow for 3rd party storage access.
We respect the policy of the WebKit team to protect the privacy of the user and prevent tracking by employing partitioning on all 3rd party storage systems. At the same time this is a blocker for us when implementing our system for Safari on Mac and iOS. The Storage Access API (https://github.com/whatwg/html/issues/3338) seems like the right idea if applied to all storage types, i.e., Cookies, LocalStorage, and IndexedDB.
As the discussion points in the direction of having no user interaction to grant the permission I wanted to stress that we are in favour of a system that goes along the lines of other permissions like camera or microphones, i.e., the user is prompted for consent via browser UI and the choice is persisted across browser sessions.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180309/e79ef74d/attachment-0001.html>
More information about the webkit-unassigned
mailing list