<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - There is no way to store local data in cross-origin iframe"
href="https://bugs.webkit.org/show_bug.cgi?id=158739">158739</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>There is no way to store local data in cross-origin iframe
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Safari Technology Preview
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Major
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>HTML DOM
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>adam@rigo.sk
</td>
</tr>
<tr>
<th>CC</th>
<td>cdumez@apple.com
</td>
</tr></table>
<p>
<div>
<pre>If I want to open the storage (IndexedDB or WebSQL) from an embedded iframe (the origin differs), it throws an error:
SecurityError: DOM Exception 18: IDBFactory.open() called in an invalid security context
Also the localStorage is buggy in the cross-origin usecase. It's affected by the parent domain while it shouldn't be context (parent origin) aware.
Both APIs are violating the specs and they work in the other browsers (Chrome, IE, FF).
All the storage specs require exactly one "storage space" per origin. Zero (IndexedDB and WebSQL) and multiple (localStorage has one space per parent origin) are not allowed.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>