bunsenbrowser / bunsen

🔥 Bunsen Browser provides easy to use offline P2P application and file distribution that is verifiable on Android devices. https://bunsenbrowser.github.io/

Iframe containing app needs `allow-same-origin` sandbox policy to allow use of localStorage #90

Open oelmekki opened 5 years ago

oelmekki commented 5 years ago

When trying to run my dat apps on Bunsen, they would always just display a blank page. Thanks to your release of the debug build of Bunsen, I can now see why :)

context

The problem is with localStorage: my apps use it to store things like encryption keys and the list of connected archives (a base app creates archives owned by the user to store their data); I need to store those references outside of dat archives. The apps usually try to find those references before even trying to render my React content, and trying to access localStorage triggers an exception, thus the blank pages.

the problem

I've made a simple test page: if localStorage works, it prints "localStorage", otherwise it prints "not localStorage". In Bunsen, it would print "not localStorage".

Inspecting it, it appears it's related to an iframe rendering the dat content not being allowed to use localStorage in the first place:

bunsen

I've isolated the related iframe to be this one:

bunsen-2

And indeed, if I add the `allow-same-origin` value to the `sandbox` attribute on it in the inspector and reload the dat in Bunsen, localStorage works as expected:

bunsen-3

Looking at the code, I'm confused about where it can be managed. This seems to be the one, but it already has `allow-same-origin`. So either it's not the one at all (this one is the only relevant line from what I saw in the code, but I guess it could come from an external dependency), or something is removing the `allow-same-origin` value. Does it ring a bell?
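The failure mode reported above, as an added example that is not part of the original issue or Bunsen's code: an app-side storage wrapper that degrades to memory instead of rendering a blank page, plus a check of what a `sandbox` value implies. The names `openStorage`, `memoryStorage` and `auditSandbox` are hypothetical, and the throwing getter is a constructed stand-in for a sandboxed frame.

```javascript
// In an iframe sandboxed without allow-same-origin the document has an opaque
// origin, and merely reading window.localStorage throws a SecurityError.

// In-memory stand-in exposing the subset of the Storage API used here.
function memoryStorage() {
  const data = new Map();
  return {
    persistent: false,
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}

// getStorage is a thunk such as () => window.localStorage, so the property
// access itself happens inside the try block.
function openStorage(getStorage) {
  try {
    const s = getStorage();
    const probe = "__storage_probe__";
    s.setItem(probe, "1"); // also catches quota or disabled-storage errors
    s.removeItem(probe);
    return {
      persistent: true,
      getItem: (k) => s.getItem(k),
      setItem: (k, v) => s.setItem(k, v),
      removeItem: (k) => s.removeItem(k),
    };
  } catch (err) {
    return memoryStorage(); // keys kept here are lost on reload
  }
}

// Interpret the value of a sandbox attribute that is present on an iframe.
function auditSandbox(attr) {
  const tokens = new Set(attr.toLowerCase().split(/\s+/).filter(Boolean));
  const sameOrigin = tokens.has("allow-same-origin");
  return {
    opaqueOrigin: !sameOrigin, // true => localStorage access throws
    // Only matters when the framed document shares the embedder's origin:
    // its script can then reach the parent and remove the sandbox attribute.
    canEscapeIfSameOriginAsParent: sameOrigin && tokens.has("allow-scripts"),
  };
}

// Constructed simulation of the sandboxed case for running outside a browser.
const sandboxedGetter = () => { throw new Error("SecurityError (simulated)"); };
```

In the browser the call would be `openStorage(() => window.localStorage)`; an app storing encryption keys should check `persistent` and tell the user when it is `false`.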