Jan Visser created CB-11032:
-------------------------------
Summary: Prevent LocalStorage from being read by other
servers/domains
Key: CB-11032
URL: https://issues.apache.org/jira/browse/CB-11032
Project: Apache Cordova
Issue Type: Wish
Components: Android, iOS
Reporter: Jan Visser
I have created a Cordova app so that customers can connect to their intranet or
internet server and see dashboards they created there. Their password is
remembered using a token that is refreshed with a new token on every login and
stored in LocalStorage. LocalStorage is scoped to the origin. The origin of a
Cordova app is file:/// or cordova:/// Every server I can connect to can
potentially read the tokens in the LocalStorage.
My question: How can I prevent this? Anyone with an idea how to fix this? Or
are there any better ways to avoid this problem?
I'm willing to put time and effort into this issue to create a solution myself
if necessary but first I would like to discuss what the best way to implement
this in Cordova should be. A new plugin? Or maybe add functionality to an
existing part of Cordova?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
