Replace `localStorage` with a mock API which doesn't create permanent state #5935

Closed
arodic opened this issue Sep 8, 2019 · 8 comments

Comments


@arodic arodic commented Sep 8, 2019

With cookies disabled, visiting websites that use `window.localStorage` and similar APIs throws an error, sometimes completely breaking existing websites.

Consider replacing `localStorage` etc. with a mock API that stores no data and allows the rest of the JS code to run normally.

Collaborator

@rebron rebron commented Sep 27, 2019

cc: @snyderp aren't we doing this already?

@arodic do you have a couple site examples to test out?

Contributor

@pes10k pes10k commented Sep 30, 2019

@rebron we don't mock the API currently, we report storage blocked (which is a case web devs should handle, but don't). It would be a neat / fine idea to mock the API instead of blocking though.

@jumde @fmarier @diracdeltas wdyt?

Member

@fmarier fmarier commented Sep 30, 2019

Aside from checking whether or not storage is blocked, sites are likely to also check if they can read back what they just put in local storage. Maybe we should stash any such data into an in-memory data structure that gets cleared once the page is navigated away?

That would be similar to Safari's approach of accepting everything and then cleaning up later, except that "later" would be sooner than Safari which typically waits for at least 24 hours before clearing anything.

Contributor

@pes10k pes10k commented Sep 30, 2019

yea, was discussing with @jumde. Maybe the best way forward would be the following?

  1. Replace window.{local,session}Storage with a proxy that evals to something false-y (so that sites that correctly check to see if they have access to storage work correctly)
  2. responds to all object set/get/delete operations as if it was just an empty {} (so that websites that assume they have access can read / write in / out)?
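
The in-memory approach discussed in the two comments above (accept writes, allow read-back, answer set/get/delete, keep nothing once the page is gone), sketched as an added example that is not code from this thread or from Brave. `createEphemeralStorage` and `storageProbe` are hypothetical names, and the sketch does not attempt the false-y behaviour of step 1.

```javascript
// Added example. createEphemeralStorage and storageProbe are hypothetical names,
// not Brave or browser APIs. One instance per page load; nothing touches disk.
function createEphemeralStorage() {
  const data = new Map(); // discarded together with the page that owns it
  const api = {
    get length() { return data.size; },
    key(i) { return Array.from(data.keys())[i] ?? null; },
    getItem(k) { return data.has(String(k)) ? data.get(String(k)) : null; },
    setItem(k, v) { data.set(String(k), String(v)); }, // Storage holds strings only
    removeItem(k) { data.delete(String(k)); },
    clear() { data.clear(); },
  };
  // The Proxy handles property-style access: storage.theme = 'dark', delete storage.theme
  return new Proxy(api, {
    get(target, prop) {
      if (typeof prop === 'symbol' || prop in target) return Reflect.get(target, prop);
      return data.get(prop); // undefined when the key was never set
    },
    set(target, prop, value) { data.set(String(prop), String(value)); return true; },
    deleteProperty(target, prop) { data.delete(String(prop)); return true; },
    has(target, prop) { return prop in target || data.has(prop); },
    ownKeys() { return Array.from(data.keys()); },
    getOwnPropertyDescriptor(target, prop) {
      if (!data.has(prop)) return undefined;
      return { value: data.get(prop), writable: true, enumerable: true, configurable: true };
    },
  });
}

// The write-then-read-back check a site may run before relying on Web Storage.
function storageProbe(storage) {
  try {
    storage.setItem('__probe__', '1');
    const ok = storage.getItem('__probe__') === '1';
    storage.removeItem('__probe__');
    return ok;
  } catch (err) {
    return false; // a storage object that throws on access ends up here
  }
}

// Constructed demo: two "page loads" get two independent stores.
const firstPage = createEphemeralStorage();
firstPage.setItem('visits', 3);
firstPage.theme = 'dark';
const secondPage = createEphemeralStorage();
console.log(storageProbe(firstPage), firstPage.getItem('visits'), Object.keys(firstPage));
console.log(secondPage.getItem('visits'), secondPage.length);
```
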

@darrylyeo darrylyeo commented Jan 28, 2020

Any plans on implementing this? I'd love to be able to disable cookies across the board without breaking websites that use Web Storage. In the meantime, maybe Web Storage could be a separate shield toggle from the cookies toggle?

Member

@fmarier fmarier commented Jan 28, 2020

@darrylyeo Can you talk more about your use case? For example, if you were to disable cookies across the board, how would you log into websites?

I personally use uMatrix to block cookies by default and then whitelist sites I want to log into.


@darrylyeo darrylyeo commented Jan 30, 2020

@fmarier I'm using two separate browser profiles - one for general browsing where I turn on every Brave shield and privacy feature available to their most extreme settings, and a second profile with cookies allowed for sites that I need to log into. For the first profile, I have the default cookies shield set to "Cookies blocked", but currently I have to manually set it to "Cross-site cookies blocked" for some sites that break because of the Web Storage issue described.

@tomlowenthal tomlowenthal changed the title Block cookies more gracefully without completely breaking websites. Replace `localStorage` with a mock API which doesn't create permanent state Feb 12, 2020
Contributor

@pes10k pes10k commented Mar 5, 2020

Closed in favor of #8514, which includes this functionality

@pes10k pes10k closed this Mar 5, 2020