Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

Cross Domain Local Storage

  1. Problem
  2. Solution
  3. Why not use cookies?
  4. Installation
  5. Usage
  6. API
  7. Angular Support
  8. Demo
  9. Tests
  10. Limitations


As for now, standard HTML5 Web Storage (a.k.a Local Storage) doesn't now allow cross domain data sharing. This may be a big problem in an organization which have a lot of sub domains and wants to share client data between them.


xdLocalStorage is a lightweight js library which implements LocalStorage interface and support cross domain storage by using iframe post message communication.

Why not use cookies?

Although cookies can be shared between sub domains, cookies have the overhead of being sent to the server on each request. They're also have a size limit (4K for all cookies together)


Download latest release from here or use bower/npm (recommended)

bower install xdLocalStorage --save
npm install --save xdlocalstorage


  • Create an empty html with the following content:
<!DOCTYPE html>
    <script src="xdLocalStoragePostMessageApi.min.js"></script>
    This is the magical iframe
  • On your client page (the page you will read/store your data from) add:
 <!-- if you use angular continue reading.. there's angular support -->
 <script src="scripts/xdLocalStorage.min.js"></script>
  • Init xdLocalStorage
            /* required */
            iframeUrl:'path to your html from step 1',
            //an option function to be called right after the iframe was loaded and ready for action
            initCallback: function () {
                console.log('Got iframe ready');


    // Store
    xdLocalStorage.setItem(key, value, function (data) { /* callback */ });

    // Retrieve
    xdLocalStorage.getItem(key, function (data) { /* callback */ });

    // Remove
    xdLocalStorage.removeItem(key, function (data) { /* callback */ });

    // Key Name
    xdLocalStorage.key(index, function (data) { /* callback */ });

    // Clear All
    xdLocalStorage.clear(function (data) { /* callback */ });

Angular Support

UPDATE: Since version 2.0.0 the xdLocalStorage service supports promise interface hence no more annoying callbacks :)

  • import ng-xdLocalStorage.min.js instead of xdLocalStorage.min.js

  • include xdLocalStorage module and call init in a run block.

angular.module('yourModule', ['xdLocalStorage']).run(function (xdLocalStorage) {
        /* required */
        iframeUrl:'path to your html from step 1'
    }).then(function () {
        //an option function to be called once the iframe was loaded and ready for action
        console.log('Got iframe ready');
  • inject xdLocalStorage where ever you want and use the API
angular.module('yourModule').run(function(xdLocalStorage) {
    xdLocalStorage.getItem(key).then(function (response) {


Here's the demo


I covered the basic API with tests here


Apple has updated the defaults on Safari 7+ both on desktop and mobile to block 3rd party data. The option is now called "Block cookies and other website data" which refers to things like localstorage which are now completely isolated by domain.

This implies that unfortunately this library will not be able to share cross domain information on Safari 7+.