- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 26 May 2015 17:32:30 +0000
- To: Janusz Majnert <jmajnert@gmail.com>, Vic99999 <vic99999@ya.ru>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAEeYn8gRnQwHz-BAR7H6KBMiFRmw8QsEpfG_7umbkWFbY+taww@mail.gmail.com>
This is a very important question that I think this group needs to answer as part of our strategic efforts to make this kind of migration possible and no more difficult than absolutely necessary. Thank you for raising it. Janusz's proposed solution is a clever work around, but I hope we can do better. On Tue, May 26, 2015 at 12:48 AM Janusz Majnert <jmajnert@gmail.com> wrote: > Maybe you should have the http users run a script that will read all the > relevant data, send it to your server, then redirect users to https and > feed them back the data? > > /Janusz Majnert > > 2015-05-25 20:04 GMT+02:00 Vic99999 <vic99999@ya.ru>: > >> No, I though about <iframe src="http://example.com"></iframe> to access >> "localStorage" with old origin (http:// <http://site.com>example.com) >> and copy the data. >> Anyway, I decided to leave "old" users on "http", so it is not a serious >> problem. >> >> 25.05.2015, 20:53, "Kristijan Burnik" <burnik@google.com>: >> >> Hi, >> >> Is the iframe (or can it be) served over HTTPS? >> >> On Sat, May 23, 2015 at 5:57 AM, Vic99999 <vic99999@ya.ru> wrote: >> >> Hello, >> >> I want to migrate my site to HTTPS, but how could I save users >> "localStorage" ? As <iframe> is blocked, I cannot copy the data. >> >> >> >> >> >> -- >> >> *Kristijan Burnik* >> >> Software Engineering Intern >> >> burnik@google.com >> >> Google Germany GmbH >> >> Dienerstraße 12 >> >> 80331 München >> >> Geschäftsführer: Graham Law, Christine Elizabeth Flores >> >> Registergericht und -nummer: Hamburg, HRB 86891 >> >> Sitz der Gesellschaft: Hamburg >> >> >> >> >
Received on Tuesday, 26 May 2015 17:33:01 UTC