[go: nahoru, domu]

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to treat localStorage and sessionStorage #34

Open
joelweinberger opened this issue May 3, 2016 · 18 comments
Open

How to treat localStorage and sessionStorage #34

joelweinberger opened this issue May 3, 2016 · 18 comments
Milestone

Comments

@joelweinberger
Copy link
Contributor

To avoid the pitfalls of just removing storage completely from Suborigins, we need to be more specific about how localStorage and sessionStorage are handled. The three options off the top of my head are:

  • Bad access to both, a la sandbox. Has the disadvantage that access throws an exception, making transferring applications to use Suborigins difficult.
  • Create the relevant objects and allow use, but don't do any backing in the user agent. Nice because it is simple to spec and implement, and pretty much would be invisible to the user. Tough because this would be surprising behavior to a developer.
  • Treat Suborigins as a new origin with their own localStorage and sessionStorage. Good because it is probably the easiest to transfer applications to, but tough because it would be difficult to figure out how to best present this to users, especially in UX.

I lean heavily towards the 3rd option because it's the "purest," and, on practical level, I think it can probably be hidden from users in the UX pretty easily.

@annevk
Copy link
Member
annevk commented May 4, 2016

I would prefer we try to ban these since they are synchronous I/O and should have no place on the platform.

@joelweinberger
Copy link
Contributor Author

I'll let @devd and @arturjanc comment, but we've already seen issues with converting applications to sandbox and Suborigins that makes banning them impractical. I also don't particular think Suborigins is the right place to deprecate APIs because we don't like their design, but that's more of a philosophical point.

@devd
Copy link
Contributor
devd commented May 5, 2016

Since suborigins are explicitly designed for "old code not trusted", it seems weird to force "this is how the future should look like" in suborigins. Sorry! I agree we want to kill these, but I don't think this is the place.

@arturjanc
Copy link

+1 to @devd / @metromoxie, I think we should maintain "feature parity" with non-suborigin contexts. Any time suborigins take something away we reduce the number of applications which can adopt them, and in the end reduce their security value.

FWIW I also like option 3; suborigins could be presented very similarly to subdomains in most UIs.

@annevk
Copy link
Member
annevk commented May 6, 2016

@devd well, now you're putting an additional tax on everyone implementing these APIs by making them more complicated.

@devd
Copy link
Contributor
devd commented May 6, 2016

My general thinking is that I am ok removing all the other synchronous APIs if we can keep localStorage or one such synchronous API around. Otherwise it becomes really painful to fake these.

@mitar
Copy link
mitar commented May 24, 2016

Treat Suborigins as a new origin with their own localStorage and sessionStorage. Good because it is probably the easiest to transfer applications to, but tough because it would be difficult to figure out how to best present this to users, especially in UX.

Please do this option. Using sessionStorage is very useful in our case for communicating between multiple iframes in the same suborigin. It allows a nice secure channel of communication where one does not need handles of other iframes, or postmessage over the main origin.

@mitar
Copy link
mitar commented May 24, 2016

I do not see really a reason why each suborigin would not simply get their own copy of localStorage and sessionStorage?

@joelweinberger joelweinberger added v1 and removed v1 labels Sep 30, 2016
@joelweinberger joelweinberger modified the milestone: v1 Sep 30, 2016
@devd
Copy link
Contributor
devd commented May 13, 2017

@jeisinger does the current implementation support localStorage in suborigins?

@arturjanc
Copy link

Yes: https://arturjanc.com/cgi-bin/suborigin-testing/localstorage.py (obviously still needs the Experimental Web Platform features flag set in Chrome).

@devd
Copy link
Contributor
devd commented May 14, 2017 via email

@jeisinger
Copy link
Member

fwiw, we separate all storage mechanisms by suborigin, so I guess it's fine to close this one

@annevk
Copy link
Member
annevk commented May 15, 2017

FWIW, it's unclear to me that changing the meaning of "origin" is the way to go. While more work, it seems better to change "origin" to "suborigin" (or some such) where needed and add the relevant tests for each case. That ensures we covered all ground and implementations won't miss anything.

Changing the meaning of an existing well understood concept was also tried with shadow DOM and it took years to sort it through.

@devd
Copy link
Contributor
devd commented May 15, 2017

hey Anne! Sorry; I don't understand the concern you are referencing. Do you mind flagging the issue more explicitly? I am sure you are right but just trying to understand the concern more clearly.

@annevk
Copy link
Member
annevk commented May 15, 2017

The concern is that we have a lot of standards prose branching on origin. Rather than changing how that works without going through it all, it seems better to explicitly change the prose that needs to branch on suborigins instead.

So instead of saying "this should be physical origin" we say "this should be suborigin".

@devd
Copy link
Contributor
devd commented May 16, 2017

aah ok. I think that's fine: per Jochen's note, that's what chrome does (tie storage to suborigins). Is there a particular wording change somewhere in the suborigin spec that you are alluding to? Or is this in the html spec?

@annevk
Copy link
Member
annevk commented May 16, 2017

If we go the way I suggest we'd have to change HTML for localStorage/sessionStorage (and every other feature that becomes suborigin rather than origin-bound).

@annevk
Copy link
Member
annevk commented Sep 27, 2017

With respect to OP I think we are concluded that localStorage and sessionStorage get their own double-keyed area, just like Indexed DB and others. How to make sure this is carefully defined is still a bit up in the air.

(To the question whether this generalizes to Origin Isolation, I don't think it should. It would make transitioning an origin to be isolated harder for marginal benefit when transitioning to isolated origins.

cc @estark37)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants