Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

indexedDB and caches not isolated between proxied websites #29

Closed
ruochenjia opened this issue Feb 20, 2023 · 1 comment · Fixed by #31
Closed

indexedDB and caches not isolated between proxied websites #29

ruochenjia opened this issue Feb 20, 2023 · 1 comment · Fixed by #31
Milestone
Security Fixes

Comments

@ruochenjia
Copy link

ruochenjia commented Feb 20, 2023
edited

I did a site data security test in my browser console, localStorage and sessionStorage are isolated between proxied websites, but indexedDB and caches are not. The await caches.keys(); code in a proxied website returns exactly the same as the code in the root domain.

image
@e9x e9x added this to the Security Fixes milestone Feb 25, 2023
@e9x
Copy link
Member

e9x commented Feb 25, 2023

Maybe we can prefix the key with the domain origin like in stomp:
https://github.com/e9x/stomp-rewrite/blob/fe1de8170fe057bbdc5ddaf2ed1e44c54187f0dd/src/inject/modules/IndexedDB.ts#L13

caches will take longer to implement because there isn't any sort of reference/tried and true method.

@e9x e9x linked a pull request Feb 25, 2023 that will close this issue
add idb api #31
Merged
@e9x e9x closed this as completed in #31 Feb 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Security Fixes
Development

Successfully merging a pull request may close this issue.

add idb api titaniumnetwork-dev/Ultraviolet
2 participants
@ruochenjia @e9x