- From: Joshua Bell <notifications@github.com>
- Date: Tue, 14 Feb 2017 10:25:02 -0800
- To: whatwg/storage <storage@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 14 February 2017 18:25:42 UTC
Sandboxed iframes end up with unique [opaque origins](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque). We should define the behavior of the API here. One option would be to simply reject on any API call (`persist()`, `estimate()`, etc). Chrome currently does this, and it's per spec for other storage APIs (localStorage, Indexed DB, etc). Another would be to introduce an analogue to `[SecureContext]` that removes the API in unique opaque origins. Or we could let unique opaque origins have some ephemeral storage, with lifetime bound to the browsing context or some such. (But please no...) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/storage/issues/41
Received on Tuesday, 14 February 2017 18:25:42 UTC