Closed nicktaras closed 2 years ago
@nicktaras, as you can see in the docs, the Access Storage API is experimental. Can we develop tools based on experimental technology? At the same time, it has limited browser support. Maybe it would be better to open an additional browser tab instead of an iframe? After the actions we can auto-close that tab.
Thanks for the suggestion @oleggrib.
For the design, I chose to use cross-origin cookies as a solution that, from initial tests, can be read by the origin website.
Because of the nature of our design, opening iframes for, for example, 20 token issuers would not be a good web experience for a user to authenticate access to attestations. I think this would only work if the attestations were centralised, e.g. if we had a Smart Token Labs webpage that contains attestations for all tokens.
Not sure if this is still relevant: https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/. The highlight is:
7-Day Cap on All Script-Writeable Storage
Just adding some notes on this topic. Sorry also for my late reply to your post @hboon.
From a few days of testing the Storage API in the office following the docs, it appeared that the Storage API was restricting some access to Local Storage and Cookies in scenarios where they already existed. However, the document doesn't suggest such restrictions, and the API has gained recent traction since:
https://chromestatus.com/feature/5612590694662144 (26/11/21)
I'll keep this API in mind to look into again soon - it will improve the user experience (where, currently, pop-ups are used etc. and are not so elegant to see). However, the 7 days of script-writable storage will impact us in all of the tried and tested options, due to the use of local storage as part of the solution.
Google are working on a new feature called 'Secure Tokens' that appears to solve these issues - where I'll keep my eyes on this feature and its adoption.
Closing this, where we are using local storage and either iframe or tab depending on the browser feature support available.
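The iframe-or-tab decision described in this thread could be sketched as follows. This is an added example, not code from the thread or from the token-negotiator project; it assumes the feature being detected is the Storage Access API (`document.hasStorageAccess` / `document.requestStorageAccess`), and `chooseTokenChannel` and `stubDocument` are hypothetical names.

```javascript
// Added example, not project code. chooseTokenChannel and stubDocument are
// hypothetical names; the Storage Access API as the detected feature is an assumption.

// Decide how to reach an issuer's stored tokens: embedded iframe or separate tab.
// `doc` is the issuer iframe's document (passed in so the logic runs against a stub).
async function chooseTokenChannel(doc) {
  const supported =
    typeof doc.hasStorageAccess === "function" &&
    typeof doc.requestStorageAccess === "function";
  if (!supported) {
    // Access can be neither checked nor requested: take the conservative path.
    return { channel: "tab", reason: "storage-access-api-unsupported" };
  }
  try {
    if (await doc.hasStorageAccess()) {
      return { channel: "iframe", reason: "access-already-granted" };
    }
    // Browsers only honour this call from a user gesture (click/tap) inside
    // the iframe, and reject the promise when the user or policy refuses.
    await doc.requestStorageAccess();
    return { channel: "iframe", reason: "access-granted-on-request" };
  } catch (err) {
    // Denied or blocked: fall back to a top-level tab, where the issuer
    // origin is first party and its storage is not partitioned or blocked.
    return { channel: "tab", reason: "access-denied" };
  }
}

// Constructed stand-in for a browser document, for running outside a browser.
function stubDocument({ supported, hasAccess, allowRequest }) {
  if (!supported) return {};
  return {
    hasStorageAccess: async () => hasAccess,
    requestStorageAccess: async () => {
      if (!allowRequest) throw new Error("NotAllowedError (constructed)");
    },
  };
}
```

In a browser, the function would be called with `document` from a click handler inside the issuer's iframe, and the result reported to the embedding page so it can open a tab when needed.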
Post Message is not permitted on many browsers, including: Safari (Mac, iOS), Brave, Chrome (iOS).
As a workaround to this problem, the Access API, cookies and local storage can be used.
See branch: https://github.com/TokenScript/token-negotiator-examples/tree/wip-access-storage
Technical Requirements:
Tokens through Iframe