I'm writing a third party native JavaScript ponent which uses localStorage on the client.
When looking at the Resources tab on Chrome DevTools I see that my localStorage entries are stored under the client domain. For example: let's say my file es from cdn.3rd and is used as resource on stackoverflow - then in this case my localStorage entries are saved under the store.
However, looking at different websites, I see that normally third party localStorage entries are saved to stores under the third party's domain. For example in bbc I see a store for iperceptions, and in cnn there's a store for outbrain.
So how do I open a localStorage store for my own domain on the client's page?
I'm writing a third party native JavaScript ponent which uses localStorage on the client.
When looking at the Resources tab on Chrome DevTools I see that my localStorage entries are stored under the client domain. For example: let's say my file es from cdn.3rd. and is used as resource on stackoverflow. - then in this case my localStorage entries are saved under the http://stackoverflow. store.
However, looking at different websites, I see that normally third party localStorage entries are saved to stores under the third party's domain. For example in bbc. I see a store for iperceptions., and in cnn. there's a store for outbrain..
So how do I open a localStorage store for my own domain on the client's page?
Share Improve this question edited May 1, 2020 at 18:52 cellepo 4,5294 gold badges41 silver badges65 bronze badges asked Jul 7, 2015 at 13:32 DondeyDondey 2775 silver badges14 bronze badges 1- 1 stackoverflow./questions/4201239/… and stackoverflow./questions/16036095/… – j08691 Commented Jul 7, 2015 at 13:55
1 Answer
Reset to default 5Due to these following limitations, you can't access localStorage of other 3rd party site.
HTML5 does not allow cross-origin access for localStorage
Basically, localStorage is an origin-specific resource thus access from other sites to the localStorage is prohibited. In the very early stage of HTML5 draft, there was a globalStorage which fully allows cross-domain access but it was then removed due to security concern. So the WebAPI currently focuses on security seriously.
Known workaround - only works if you have an administrative privilege of target site
There is a very nice article which demonstrates how to cross-origin access localStorage with iframe. However, this approach requires you to modify the target site's client script to relay the localStorage content across iframe to your site by message posting. Thus, you can't do it without a full administration access to the target site.