堆栈内存溢出
  简体   繁体   English

如何在客户网站上开设第三方 localStorage 商店?

[英]How do I open a third party localStorage store on a client website?

 原文  2015-07-07 13:32:27       javascript/ html/ local-storage

问题描述

I'm writing a third party native JavaScript component which uses localStorage on the client.我正在编写一个第三方本机 JavaScript 组件,它在客户端上使用 localStorage。

When looking at the Resources tab on Chrome DevTools I see that my localStorage entries are stored under the client domain.在 Chrome DevTools 上查看资源选项卡时,我看到我的 localStorage 条目存储在客户端域下。 For example: let's say my file comes from cdn.3rd.com and is used as resource on stackoverflow.com - then in this case my localStorage entries are saved under the http://stackoverflow.com store.例如:假设我的文件来自 cdn.3rd.com 并用作 stackoverflow.com 上的资源 - 那么在这种情况下,我的 localStorage 条目保存在http://stackoverflow.com存储下。

However, looking at different websites, I see that normally third party localStorage entries are saved to stores under the third party's domain.但是,查看不同的网站,我发现通常第三方 localStorage 条目会保存到第三方域下的商店中。 For example in bbc.com I see a store for iperceptions.com, and in cnn.com there's a store for outbrain.com.例如,在 bbc.com 中,我看到了 iperceptions.com 的商店,而在 cnn.com 中,我看到了 outbrain.com 的商店。

So how do I open a localStorage store for my own domain on the client's page?那么如何在客户端页面上为我自己的域打开一个 localStorage 存储呢?

1 个解决方案

解决方案1
 4  2015-07-07 14:08:31

Due to these following limitations, you can't access localStorage of other 3rd party site.由于以下这些限制,您无法访问其他 3rd 方站点的 localStorage。

HTML5 does not allow cross-origin access for localStorage HTML5 不允许对 localStorage 进行跨域访问

Basically, localStorage is an origin-specific resource thus access from other sites to the localStorage is prohibited.基本上, localStorage是特定于源的资源,因此禁止从其他站点访问 localStorage。 In the very early stage of HTML5 draft, there was a globalStorage which fully allows cross-domain access but it was then removed due to security concern.在 HTML5 草案的早期阶段,有一个globalStorage完全允许跨域访问,但由于安全问题后来被删除。 So the WebAPI currently focuses on security seriously.因此,WebAPI 目前非常重视安全性。

Known workaround - only works if you have an administrative privilege of target site已知的解决方法 - 仅当您具有目标站点的管理权限时才有效

There is a very nice article which demonstrates how to cross-origin access localStorage with iframe .有一篇非常好的文章演示了如何使用 iframe 跨域访问 localStorage However, this approach requires you to modify the target site's client script to relay the localStorage content across iframe to your site by message posting.但是,此方法要求您修改目标站点的客户端脚本,以通过消息发布将 localStorage 内容跨 iframe 中继到您的站点。 Thus, you can't do it without a full administration access to the target site.因此,如果没有对目标站点的完全管理访问权限,您将无法执行此操作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在第三方框架中放置第三方网站或链接到网站? - How do I put a third party website or link to a website to open in a frame on my webpage? 如何持久且安全地存储用户第三方 api 密钥? - How do i persistently and securely store a users third party api keys? 在客户端上,如何下载映像,然后以POST请求的形式发送到第三方服务器? - On client, how do I download an image, then send as POST request to third party server? 如何在div中打开第三方 - How to open Third Party in div 如何将这些值存储在 localStorage 中? - How do I store these values in localStorage? 如何访问 NuxtJs 商店中的 localStorage? - How do I access localStorage in store of NuxtJs? mongodb返回Cursor,我遍历并将对象添加到数组中,如何在没有第三方库的情况下将数组发送到客户端? - mongodb returns Cursor, I loop through and add objects into an array, how do I send the array to the client side without third party libraries? 如何加密网站中的第三方api密钥 - how to encrypt third party api key in a website 如何使用 Jest 模拟第三方软件包? - How do I mock a third party package with Jest? 如何在 Angular 6 中注入/集成第三​​方库? - How do I inject/integrate a third party library in Angular 6?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM