[英]How do I open a third party localStorage store on a client website?
I'm writing a third party native JavaScript component which uses localStorage on the client.我正在编写一个第三方本机 JavaScript 组件,它在客户端上使用 localStorage。
When looking at the Resources tab on Chrome DevTools I see that my localStorage entries are stored under the client domain.在 Chrome DevTools 上查看资源选项卡时,我看到我的 localStorage 条目存储在客户端域下。 For example: let's say my file comes from cdn.3rd.com and is used as resource on stackoverflow.com - then in this case my localStorage entries are saved under the http://stackoverflow.com store.
例如:假设我的文件来自 cdn.3rd.com 并用作 stackoverflow.com 上的资源 - 那么在这种情况下,我的 localStorage 条目保存在http://stackoverflow.com存储下。
However, looking at different websites, I see that normally third party localStorage entries are saved to stores under the third party's domain.但是,查看不同的网站,我发现通常第三方 localStorage 条目会保存到第三方域下的商店中。 For example in bbc.com I see a store for iperceptions.com, and in cnn.com there's a store for outbrain.com.
例如,在 bbc.com 中,我看到了 iperceptions.com 的商店,而在 cnn.com 中,我看到了 outbrain.com 的商店。
So how do I open a localStorage store for my own domain on the client's page?那么如何在客户端页面上为我自己的域打开一个 localStorage 存储呢?
Due to these following limitations, you can't access localStorage of other 3rd party site.由于以下这些限制,您无法访问其他 3rd 方站点的 localStorage。
HTML5 does not allow cross-origin access for localStorage HTML5 不允许对 localStorage 进行跨域访问
Basically, localStorage
is an origin-specific resource thus access from other sites to the localStorage is prohibited.基本上,
localStorage
是特定于源的资源,因此禁止从其他站点访问 localStorage。 In the very early stage of HTML5 draft, there was a globalStorage
which fully allows cross-domain access but it was then removed due to security concern.在 HTML5 草案的早期阶段,有一个
globalStorage
完全允许跨域访问,但由于安全问题后来被删除。 So the WebAPI currently focuses on security seriously.因此,WebAPI 目前非常重视安全性。
Known workaround - only works if you have an administrative privilege of target site已知的解决方法 - 仅当您具有目标站点的管理权限时才有效
There is a very nice article which demonstrates how to cross-origin access localStorage with iframe .有一篇非常好的文章演示了如何使用 iframe 跨域访问 localStorage 。 However, this approach requires you to modify the target site's client script to relay the localStorage content across iframe to your site by message posting.
但是,此方法要求您修改目标站点的客户端脚本,以通过消息发布将 localStorage 内容跨 iframe 中继到您的站点。 Thus, you can't do it without a full administration access to the target site.
因此,如果没有对目标站点的完全管理访问权限,您将无法执行此操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.