[Webkit-unassigned] [Bug 202640] Tracking blocking breaks remembering login on editor.construct.net
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 15 08:45:24 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=202640
--- Comment #18 from Ashley Gullen <ashley at scirra.com> ---
Why doesn't the storage access API provide access to IndexedDB? Couldn't that be supported?
The purpose of using a cross-origin frame is to hide the storage from the main origin, where we have to run third-party scripts that shouldn't have access to the storage. I don't know what other options we have to persist a login token on the client, other than to weaken our security by allowing third-party scripts access to login tokens. So long as we can't identify a way it's possible to solve this, telling our users to disable "Prevent cross-site tracking" appears to be the only option we have.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191015/f81cd9d1/attachment-0001.html>
More information about the webkit-unassigned
mailing list