- From: Honza Bambas <honzab@allpeers.com>
- Date: Tue, 26 May 2009 09:31:15 +0200
See also mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=494799 Effective script origin driven by document.domain is used to allow sharing of properties and data among pages coming from different subdomains. Should this "data sharing" apply also to sessionStorage and localStorage? It means: having page load from http://test.mysite.com accessing sessionStorage would get sessionStorage bound to http://test.mysite.com. When that same page than changes document.domain to http://mysite.com, sessionStorage it gets now should be a different object, bound to http://mysite.com. A reason to do this is also because of security checking. The subject's origin changes to http://mysite.com and access to sessionStorage bound to http://test.mysite.com should not be allowed (origins are not equal). Opinions? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090526/311f561d/attachment.htm>
Received on Tuesday, 26 May 2009 00:31:15 UTC