Re: [mixed-content] How to move "localStorage" or "IndexedDB" from HTTP to HTTPS? from Janusz Majnert on 2015-05-26 (public-webappsec@w3.org from May 2015)

From: Janusz Majnert <jmajnert@gmail.com>
Date: Tue, 26 May 2015 09:45:57 +0200
To: Vic99999 <vic99999@ya.ru>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAOeF0eytST3cjpmast=dWOjvpMwNrv=LvrpX1a+HEatrcgrZ=Q@mail.gmail.com>

Maybe you should have the http users run a script that will read all the
relevant data, send it to your server, then redirect users to https and
feed them back the data?

/Janusz Majnert

2015-05-25 20:04 GMT+02:00 Vic99999 <vic99999@ya.ru>:

> No, I though about <iframe src="http://example.com"></iframe> to access
> "localStorage" with old origin (http:// <http://site.com>example.com) and
> copy the data.
> Anyway, I decided to leave "old" users on "http", so it is not a serious
> problem.
>
> 25.05.2015, 20:53, "Kristijan Burnik" <burnik@google.com>:
>
> Hi,
>
> Is the iframe (or can it be) served over HTTPS?
>
> On Sat, May 23, 2015 at 5:57 AM, Vic99999 <vic99999@ya.ru> wrote:
>
> Hello,
>
> I want to migrate my site to HTTPS, but how could I save users
> "localStorage" ? As <iframe> is blocked, I cannot copy the data.
>
>
>
>
>
> --
>
> *Kristijan Burnik*
>
> Software Engineering Intern
>
> burnik@google.com
>
> Google Germany GmbH
>
> Dienerstraße 12
>
> 80331 München
>
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>
> Registergericht und -nummer: Hamburg, HRB 86891
>
> Sitz der Gesellschaft: Hamburg
>
>
>
>

Received on Tuesday, 26 May 2015 07:46:24 UTC