legit communication of application that span into multiple domains #9
Comments
|
We are working on unpartitioning storage and communication channels using requestStorageAccess: https://groups.google.com/a/chromium.org/g/blink-dev/c/Mfkj1VqsKX0/m/iLk6xrdMAAAJ In the meantime you can use the deprecation trial (at least in chrome): https://developer.chrome.com/blog/storage-partitioning-deprecation-trial/ |
|
It's good news that there will be a way to request Cross-origin access. Is this something that will be part of some kind of spec? So other browsers like Safari can implement it. I think it will be more likely that they will add something like this if it's part of some kind of spec. |
|
Yes. See cross-browser discussion in here: |
|
An update on the Origin Trial for some storage/communication mechanisms is here: https://developer.chrome.com/blog/saa-non-cookie-storage/ BroadcastChannel is available in the same Origin Trial with the Chrome 121 beta that should be promoted later this week https://chromiumdash.appspot.com/schedule. |
Is there any way to make the cross-domain communication work with this feature on? Sometimes it's legit for the application to share data (send messages between different domains) it's not only a cause of vulnerabilities and privacy violations.
I have a library sysend.js that is a way to send messages between domains. The library is already broken in Safari, because of 3rd party cookie policy that blocks everything without any exceptions.
Is there any way to make at least BroadcastChannel allow to share information Cross-domain?
As stated there are legit use cases where this new API breaks the apps created on different domains.
See the issue here: jcubic/sysend.js#54
The text was updated successfully, but these errors were encountered: