W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2009

[whatwg] RFC: Alternatives to storage mutex for cookies and localStorage

From: Aaron Boodman <aa@google.com>
Date: Tue, 8 Sep 2009 02:38:51 -0700
Message-ID: <278fd46c0909080238o301fb638yb7068757c0060bb5@mail.gmail.com>
On Tue, Sep 8, 2009 at 2:02 AM, Robert O'Callahan<robert at ocallahan.org> wrote:
> Looking back over previous threads on the storage mutex, I can't seem to
> remember or find the reason that implementing the storage mutex for cookies
> can't easily be done with a mutex per domain. Ian pointed out this approach
> breaks if you can make synchronous script calls across origins (e.g. across
> IFRAME boundaries), but can you actually make such calls? Or if you can
> (NPAPI?), can we just declare that those APIs release the storage mutex?

I believe that synchronous cross-origin calls are possible a variety
of ways. Here is one way I found with a quick test: Resize an iframe
element. window.onresize is fired synchronously inside the frame. I
bet there are others.

> I know that setting document.domain makes this tricky because it
> synchronously enables new cross-domain interactions, but can't we handle
> that by declaring that setting document.domain releases the storage mutex?

All of these different ways that the storage mutex gets implicitly
released lead to weird behavior in edge cases. In my opinion, it would
be better to fix the API in a clean way than keep patching it like
this.

- a
Received on Tuesday, 8 September 2009 02:38:51 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:52 UTC