2

I am using a third party script in my web page which has logic for storing data in localstorage and indexeddb. The storage is having the origin as the domain of the web page hosted in my domain. I want to have domain of the third party script where the storage logic is. Is that possible?

Edit: I should have been more clear: Why is indexeddb using origin of html page than of origin of javascript file when they are hosted in 2 different domains?

Blue Jay
  • 71
  • 1
  • 12

1 Answers1

1

It is not possible. Cookies, localStorage or indexedDB resourced are límited to domain which has issued them. It is called same-origin policy

https://en.m.wikipedia.org/wiki/Same-origin_policy

Note that if you use a third party script in your domain, local storage of your domain will be used

To use localStorage issued in a secondary domain (which you control), you can use an embedded iframe of the other domain to access resources, and communicate with the main domain with postMessage

See http://blog.teamtreehouse.com/cross-domain-messaging-with-postmessage

And in this project you have a full example of a cross domain SSO sharing an authentication token stored in localStorage between several domains

https://github.com/Aralink/ssojwt

pedrofb
  • 37,271
  • 5
  • 94
  • 142
  • Glad to find someone answering me this. I am trying to figure this out from 2 days but no luck. For cookies, when JS is hosted in a different domain than web page, I am using "window.location.hostname" which uses js domain. I didn't find a way to do same for indexeddb or localstorage. There should be a way to achieve this.. – Blue Jay May 24 '16 at 15:35
  • It 's a security restriction. Thought to modify the localStorage of accounts.google.com should not be possible. It is possible to do something similar with iframes. I will improve the response. Please mark it as correct if you think that answers your question – pedrofb May 24 '16 at 15:52
  • I am going through different examples of using Iframe to get localstorage data stored in other domains. One thing which i am still unclear or confused is, Is there a way to know the local storage value if i just know the key name but not the domain name? The requirement I am looking for is: I have a JavaScript file which all my clients(different domains) use and local storage data is stored within respective client domain. When a user is seen across different client domains, i should be able to tell by accessing local storage data? – Blue Jay Jun 07 '16 at 03:13
  • You can't scan other domains looking for localStorage. You would need a central domain for the storage, an iframe created from your JavaScript pointing central domain, and comunicatte with postMessage. See my answer at http://stackoverflow.com/questions/37559827/how-youtube-gets-logged-in-to-gmail-account-without-redirect/37565692?noredirect=1#comment62651887_37565692 – pedrofb Jun 07 '16 at 06:33
  • Would you interested in general cross domain solution for localStorage? I think it would be simple to adapt my project code – pedrofb Jun 07 '16 at 06:36
  • I would appreciate it if it helps in either storing the data in a central domain (from many different domains) or allow retrieving the data from different domains. – Blue Jay Jun 07 '16 at 13:53