9

I would like to create data on the user side and let JavaScript from another URL access it too. I am aware of the same-origin policy, but I was wondering whether it is possible to create some exceptions. Or is there any trick/feature I could use?

Jérôme Verstrynge
  • Is the other URL embedded in an iframe? – louisbros Apr 22 '13 at 10:39
  • No, it is not embedded. – Jérôme Verstrynge Apr 22 '13 at 10:41
  • The only way I know of is if you are using localstorage in a browser extension or interframe. I'm not sure about IndexedDB though, I haven't played enough with that. – Xotic750 Apr 22 '13 at 10:49
  • I don't think you can set any exceptions (maybe something like [`document.domain`](https://developer.mozilla.org/en-US/docs/DOM/document.domain) to circumvent SOP) - you can only load that other site and use cross-origin-messaging to pass the data – Bergi Apr 22 '13 at 11:18
  • Does this answer your question? [cross domain localstorage with javascript](https://stackoverflow.com/questions/33957477/cross-domain-localstorage-with-javascript) – Anderson Green Jun 09 '21 at 23:30

1 Answer

16

The best trick I know is to use iframes and the postMessage API to get access to localStorage from an external domain.

This technique is quite simple:

  • on your page you must create an iframe pointing to the domain from which you want to get data
  • your data domain needs to listen for the message event:

    // "message" events are dispatched on window, not on document
    window.addEventListener("message", handler, useCapture);

  • the handler will be responsible for accessing localStorage and posting its content to the source domain

  • your source domain may call the handler function on the data domain with the postMessage API https://developer.mozilla.org/en-US/docs/DOM/window.postMessage

For the security of your data you can use the HTTP header X-Frame-Options ALLOW-FROM uri https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header

Hope it will help.

chrmod
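An added example (not part of the original answer) of the data-domain handler described above, with the origin and key checks such a bridge needs before it hands out localStorage content. The origin `https://app.example.com`, the key names and the message shape are assumptions, and the stub objects in `simulate` are constructed so the block also runs outside a browser.

```javascript
// Runs on the data domain's page that the other site loads in an iframe.
// ALLOWED_ORIGINS and READABLE_KEYS are hypothetical values for illustration.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const READABLE_KEYS = new Set(["theme", "draft"]);

// Builds the "message" handler. `storage` is anything with getItem(),
// such as window.localStorage. Returns true when a reply was sent.
function createStorageBridge(storage, allowedOrigins, readableKeys) {
  return function handler(event) {
    // 1. Ignore messages from any origin that is not explicitly allowed.
    if (!allowedOrigins.has(event.origin)) return false;
    // 2. Accept only the expected message shape and an allow-listed key,
    //    so the embedding page cannot read arbitrary storage entries.
    const msg = event.data;
    if (!msg || msg.type !== "storage:get" || typeof msg.key !== "string") return false;
    if (!readableKeys.has(msg.key)) return false;
    // 3. Reply to the sender only, pinning targetOrigin instead of using "*".
    event.source.postMessage(
      { type: "storage:value", id: msg.id, key: msg.key, value: storage.getItem(msg.key) },
      event.origin
    );
    return true;
  };
}

// Browser wiring: only executed when a real window and localStorage exist.
if (typeof window !== "undefined" && typeof window.addEventListener === "function" &&
    typeof localStorage !== "undefined") {
  window.addEventListener(
    "message",
    createStorageBridge(localStorage, ALLOWED_ORIGINS, READABLE_KEYS),
    false
  );
}

// Constructed stand-ins for storage and the sender window, for offline runs.
function simulate(origin, data) {
  const entries = new Map([["theme", "dark"], ["token", "secret"]]);
  const storage = { getItem: (k) => (entries.has(k) ? entries.get(k) : null) };
  const sent = [];
  const source = { postMessage: (message, targetOrigin) => sent.push({ message, targetOrigin }) };
  const accepted = createStorageBridge(storage, ALLOWED_ORIGINS, READABLE_KEYS)(
    { origin, data, source }
  );
  return { accepted, sent };
}
```

The embedding page should apply the same discipline in the other direction: pass the data domain's origin as `targetOrigin` when it calls `postMessage` and check `event.origin` on every reply. Current browsers ignore `X-Frame-Options: ALLOW-FROM`; the `Content-Security-Policy: frame-ancestors` directive is the supported way to restrict which sites may embed the data page.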