[jira] [Comment Edited] (CB-11032) Prevent LocalStorage from being read by other servers/domains

Thu, 08 Jun 2017 00:57:38 -0700 

    [ 
https://issues.apache.org/jira/browse/CB-11032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16042374#comment-16042374
 ] 

Jan Visser edited comment on CB-11032 at 6/8/17 7:56 AM:
---------------------------------------------------------

Yeah sorry about that. I have to set up sites on 2 domains that write to and 
read from localstorage from different domains. Over HTTPS. So it will take some 
time setting up. And right now other things keep demanding my attention. I will 
do this eventually though...


was (Author: starquake):
Yeah sorry about that. I have to set up sites on 2 domains that write to and 
read from localstorage from different domain. Over HTTPS. So it will take some 
time setting up. And right now other things keep demanding my attention. I will 
do this eventually though...

> Prevent LocalStorage from being read by other servers/domains
> -------------------------------------------------------------
>
>                 Key: CB-11032
>                 URL: https://issues.apache.org/jira/browse/CB-11032
>             Project: Apache Cordova
>          Issue Type: Wish
>          Components: cordova-android, cordova-ios
>            Reporter: Jan Visser
>
> I have created a Cordova app so that customers can connect to their intranet 
> or internet server and see dashboards they created there. Their password is 
> remembered using a token that is refreshed with a new token on every login 
> and stored in LocalStorage. LocalStorage is scoped to the origin. The origin 
> of a Cordova app is file:/// or cordova:/// Every server I can connect to can 
> potentially read the tokens in the LocalStorage.
> My question: How can I prevent this? Anyone with an idea how to fix this? Or 
> are there any better ways to avoid this problem?
> I'm willing to put time and effort into this issue to create a solution 
> myself if necessary but first I would like to discuss what the best way to 
> implement this in Cordova should be. A new plugin? Or maybe add functionality 
> to an existing part of Cordova?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to