marcuswestin / store.js

Cross-browser storage for all use cases, used across the web.
MIT License

SecurityError #190

Closed: hyperknot closed 7 years ago

hyperknot commented 7 years ago

I'm getting a Sentry report for Mobile Safari raising SecurityError when running Global.localStorage.

store/storages/localStorage.js line 13:

var localStorage = Global.localStorage

User agent:

Mozilla/5.0 (iPad; CPU OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1

hyperknot commented 7 years ago

I've received a new report, this time from desktop Chrome on OS X:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
SecurityError: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.

Same line

marcuswestin commented 7 years ago

Thanks! I think I know what's up. Will fix and release later today. Cheers!

hyperknot commented 7 years ago

Also, these were happening when run within an iframe, and your tests might not cover iframe usage, where browsers have different security models.

marcuswestin commented 7 years ago

Good point! I'll add tests for that. Is it necessary for the iframe to run on a different domain?

marcuswestin commented 7 years ago

Actually, if you could just quickly describe the environment and any meaningful info here that would be super helpful. I'll make sure to get test coverage around it all.

marcuswestin commented 7 years ago

(I really appreciate that you're taking the time to get it into production and funnel error cases from the wild! There's nothing like real-world usage to hammer out all the kinks, and it takes a good guy to take it on to make it happen :) so thank you!)

hyperknot commented 7 years ago

So I'm running maphub.net and a popular feature is to embed maps in websites via iframe code. Now these iframes are displayed on all kinds of browsers for all kinds of users, and I get the bug reports via Sentry, but actually I have no idea how to reproduce the bugs reported.

I know that they run in an iframe and I also know the user agent string but that's pretty much it.

marcuswestin commented 7 years ago

Got it - I'll see what I can do based on that info.

I just tagged and released v2.0.2 with (I think) a fix for this. If you give it a spin I'd love to hear how it goes.

hyperknot commented 7 years ago

I'd be happy to deploy it if you could merge the uglify PR as I cannot use it otherwise.

hyperknot commented 7 years ago

I'll be deploying with c92f18d1c7c5fe6f9fb4187e30a8b8ab16a9a787 now.

marcuswestin commented 7 years ago

👍
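
The failure reported in this thread, where merely reading `localStorage` throws `SecurityError` inside an iframe, as an added example that is not part of the original thread and is not store.js's actual fix. The function names and the stand-in `window` objects are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names, not store.js internals.

// Returns a working Storage object, or null when the browser denies access.
function getUsableLocalStorage(global) {
  try {
    // The property read itself can throw SecurityError (as in the iframe
    // reports above), so it must sit inside the try block.
    var storage = global.localStorage
    if (!storage) { return null }
    // Probe with a write/read/remove cycle: some browsers expose the
    // object but throw as soon as setItem is called.
    var probe = '__storage_probe__'
    storage.setItem(probe, probe)
    var ok = storage.getItem(probe) === probe
    storage.removeItem(probe)
    return ok ? storage : null
  } catch (e) {
    return null
  }
}

// In-memory fallback with the same getItem/setItem/removeItem surface.
function createMemoryStorage() {
  var data = Object.create(null)
  return {
    getItem: function (k) { return k in data ? data[k] : null },
    setItem: function (k, v) { data[k] = String(v) },
    removeItem: function (k) { delete data[k] }
  }
}

// Prefer real localStorage; degrade to memory instead of crashing the embed.
function pickStorage(global) {
  return getUsableLocalStorage(global) || createMemoryStorage()
}

// Constructed stand-ins for `window`, so the example runs outside a browser.
var deniedWindow = {}
Object.defineProperty(deniedWindow, 'localStorage', {
  get: function () {
    var err = new Error("Failed to read the 'localStorage' property from 'Window': Access is denied for this document.")
    err.name = 'SecurityError'
    throw err
  }
})
var allowedWindow = { localStorage: createMemoryStorage() }
```

In a page, `pickStorage(window)` would be called once at startup; data kept in the memory fallback does not survive a reload.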