Closed
opened on Mar 3, 2020
Currently non eTLD+1 frames do not have any storage, which means frames expecting normal acting localStorage, document.cookie, etc. will have web compat problems.
non eTLD+1 frames should instead get:
- Empty storage (e.g. the frame at start doesn't see any stored values)
- Site-length storage (all storage is deleted when all top-level frames pointing at the site are closed / deleted)
- API compatible storage (e.g. document.cookie acts in the weird ways document.cookie acts, etc.)
- Isolation from other ways of getting to the domain's normal storage (e.g. either prevent them from spinning up workers, or ensure that those workers get similar ephemeral / isolated storage)
- Partitioned-by-frame storage (two A frames under the same B frame see the same storage, but A frames under different B frames see different storage, A under B sees different storage than A under C or top-level-A)
- (possibly) Storage Access API escape valve (sites wanting more storage can use storage access API to get global / unpartitioned storage)
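
A minimal model of the empty-at-start, site-length and partitioned storage rules listed above, added here as an illustration and not code from the issue or the project. It assumes the partition key is the pair (top-level site, embedded frame origin) and that all open top-level frames of one site share a partition; `EphemeralStorageManager`, its methods and the `*.example` names are hypothetical.

```javascript
// Illustrative model only. Assumption: partition key = (top-level site, frame origin).
class EphemeralStorageManager {
  constructor() {
    this.openTopLevel = new Map(); // top-level site -> number of open top-level frames
    this.partitions = new Map();   // top-level site -> Map(frame origin -> Map(key -> value))
  }
  openTopLevelFrame(site) {
    this.openTopLevel.set(site, (this.openTopLevel.get(site) || 0) + 1);
  }
  closeTopLevelFrame(site) {
    const left = (this.openTopLevel.get(site) || 0) - 1;
    if (left > 0) { this.openTopLevel.set(site, left); return; }
    // Last top-level frame for this site is gone: delete every partition under it.
    this.openTopLevel.delete(site);
    this.partitions.delete(site);
  }
  // Storage visible to a third-party frame of `frameOrigin` embedded under `topSite`.
  storageFor(topSite, frameOrigin) {
    if (!this.openTopLevel.has(topSite)) {
      throw new Error("no open top-level frame for " + topSite);
    }
    if (!this.partitions.has(topSite)) this.partitions.set(topSite, new Map());
    const bySite = this.partitions.get(topSite);
    if (!bySite.has(frameOrigin)) bySite.set(frameOrigin, new Map()); // starts empty
    return bySite.get(frameOrigin);
  }
}

// Constructed scenario: frame A embedded under sites B (two tabs) and C.
function demo() {
  const A = "https://a.example";
  const m = new EphemeralStorageManager();
  m.openTopLevelFrame("b.example");
  m.openTopLevelFrame("b.example");
  m.openTopLevelFrame("c.example");
  m.storageFor("b.example", A).set("id", "123");
  const secondFrameUnderB = m.storageFor("b.example", A).get("id"); // shared under B
  const underC = m.storageFor("c.example", A).get("id");            // isolated from B
  m.closeTopLevelFrame("b.example");
  const afterOneTabClosed = m.storageFor("b.example", A).get("id"); // site still open
  m.closeTopLevelFrame("b.example");                                // last B frame closed
  m.openTopLevelFrame("b.example");
  const afterReopen = m.storageFor("b.example", A).get("id");       // storage was deleted
  return { secondFrameUnderB, underC, afterOneTabClosed, afterReopen };
}
```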