[Webkit-unassigned] [Bug 228856] Feature Request: Don't partition third party localStorage by subdomain

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 6 11:42:26 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228856

--- Comment #2 from Sarah <sarah.k.payne at gmail.com> ---
(In reply to Sam Sneddon [:gsnedders] from comment #1)
> > I've run into an issue with WebKit deleting localStorage items set by a third party (hosted in an iFrame) when moving between two subdomains of a first party website. What is the benefit of partitioning between subdomains of the same first party?
> 
> i.e.:
> 
> You have a page at http://example.com, with two iframes:
> http://a.example.net and http://b.example.net, and what's happening is those
> two iframes appear to have different storage domains?
> 
> And this is all happening within a single session (c.f. bug 168631) and
> you're not running macOS 11.3/11.4 (which might hit bug 225344)?

Hi, sorry, let me be more specific!

I have a feeling this is as designed, which is why I made a feature request, but also I'm not an expert in this area so it may be a silly FR.

I have two pages, http://a.example.com and http://b.example.com. They serve up basically the same single page application to users, with different information siloed to each subdomain. Not ideal, but this is what we do (this was the solution to merging two companies with two separate web teams). When the user crosses subdomains, we keep them logged in. So the user may switch back and forth from subdomain a and subdomain b several times in their session.

We are implementing a third-party chat widget with a script tag that adds an iFrame to the page. This iFrame sets the chat session information in localStorage from the third-party's site (http://example.azureedge.net).

The problem arises when users switch between our subdomains after starting a chat. The chat session information is removed, ending the conversation and closing the widget.

This isn't something we see on Chrome. When doing research, I saw the Brave browser has something similar but I couldn't decipher if they partition localStorage from third-parties by each subdomain within a first-party or not. They just say they partition it by first-party. 

Thanks for your help!

Sarah
