W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2015

Re: [mixed-content] How to move "localStorage" or "IndexedDB" from HTTP to HTTPS?

From: Brad Hill <hillbrad@gmail.com>
Date: Tue, 26 May 2015 17:32:30 +0000
Message-ID: <CAEeYn8gRnQwHz-BAR7H6KBMiFRmw8QsEpfG_7umbkWFbY+taww@mail.gmail.com>
To: Janusz Majnert <jmajnert@gmail.com>, Vic99999 <vic99999@ya.ru>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
This is a very important question that I think this group needs to answer
as part of our strategic efforts to make this kind of migration possible
and no more difficult than absolutely necessary.  Thank you for raising
it.  Janusz's proposed solution is a clever work around, but I hope we can
do better.

On Tue, May 26, 2015 at 12:48 AM Janusz Majnert <jmajnert@gmail.com> wrote:

> Maybe you should have the http users run a script that will read all the
> relevant data, send it to your server, then redirect users to https and
> feed them back the data?
>
> /Janusz Majnert
>
> 2015-05-25 20:04 GMT+02:00 Vic99999 <vic99999@ya.ru>:
>
>> No, I though about <iframe src="http://example.com"></iframe> to access
>> "localStorage" with old origin (http:// <http://site.com>example.com)
>> and copy the data.
>> Anyway, I decided to leave "old" users on "http", so it is not a serious
>> problem.
>>
>> 25.05.2015, 20:53, "Kristijan Burnik" <burnik@google.com>:
>>
>> Hi,
>>
>> Is the iframe (or can it be) served over HTTPS?
>>
>> On Sat, May 23, 2015 at 5:57 AM, Vic99999 <vic99999@ya.ru> wrote:
>>
>> Hello,
>>
>> I want to migrate my site to HTTPS, but how could I save users
>> "localStorage" ? As <iframe> is blocked, I cannot copy the data.
>>
>>
>>
>>
>>
>> --
>>
>> *Kristijan Burnik*
>>
>> Software Engineering Intern
>>
>> burnik@google.com
>>
>> Google Germany GmbH
>>
>> Dienerstraße 12
>>
>> 80331 München
>>
>> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>>
>> Registergericht und -nummer: Hamburg, HRB 86891
>>
>> Sitz der Gesellschaft: Hamburg
>>
>>
>>
>>
>
Received on Tuesday, 26 May 2015 17:33:01 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC