1381307 - localStorage throws Security error: "The operation is insecure"!

Status: RESOLVED INCOMPLETE

(Developer Documentation Graveyard :: General, defect, P5)

Description

[a_pis@otenet.gr]

:: Developer Documentation Request

      Request Type: Correction
     Gecko Version: 54 Branch
 Technical Contact: 

:: Details

localStorage throws Security error: "The operation is insecure"!
So all the effort you have done to explain how localStorage works, is in vain (at least for those cases that can't use it). I am sure this is not new to you, so why don't you mentio the problem at start so that people at least know what they should expect?

Comment 1

[Tooru Fujisawa [:arai]]

Can you explain what actually you did?
Do you have a standalone testcase that throws the error?
How it doesn't match to what you expected at the beginning?

Comment 2

[a_pis@otenet.gr]

Oh, I'm sorry, I assumed it was obvious ... Here is a JS exemple:

  localStorage.setItem("stored", str);  // Storing a string
  str = localStorage.getItem("stored"); // Retrieve the string (at some other point)

I have met this in quite a few places in the Web, and no one mentions that there might be a security error!(In reply to Tooru Fujisawa [:arai] from comment #1)
> Can you explain what actually you did?
> Do you have a standalone testcase that throws the error?
> How it doesn't match to what you expected at the beginning?

(In reply to Tooru Fujisawa [:arai] from comment #1)
> Can you explain what actually you did?
> Do you have a standalone testcase that throws the error?
> How it doesn't match to what you expected at the beginning?

Comment 3

[Tooru Fujisawa [:arai]]

where do you run the JS code?
also, in your code, str is not defined, so I think that's not complete code.

Comment 4

[a_pis@otenet.gr]

... But, this is an example, not the actual code! Of course the 'str' has been previously defined!
Never mind, forget about the problem.

Comment 5

[Eric Shepherd [:sheppy]]

The problem here is that we need to know:

* Which line is generating the error, so we know which method to investigate?

* Do you have anything configured in your browser's security policies which would prevent the domain under which the code is running from persisting data?

* Which browser and browser version is this happening in? Or does it happen in multiple browsers?

* What is the document origin? If you can't share that, replace the sensitive components of the origin with something generic, leaving the structure intact. For example, http://www.mytopsecretsite.com/secretpage.html could become "http://www.example.com/page.html" and http://www.mysite.com:600 could become "http://www.mysite.com:8080".

These details matter.

That said, yes, it's an error that the page doesn't include an "Exceptions" section, since exceptions can happen.

Comment 6

[a_pis@otenet.gr]

Thank you for your reply, Eric. I have kind of forgotten about this issue. And I hd dropped the idea, finding another solution. 
But now that you brought the issue back, I tried again -- with a later version of Firefox (55.0) that I installed a few minutes ago -- and it works fine! What a timing!

(BTW, version 55 also solved the problem with autorefreshing of Google pages, i.e. losing focus on a Google page after moving to another webpage and coming back -- something really annoying! I am not sure though if it's the new version that solved the problem or the upgrading setup process??)

Comment 7

[Eric Shepherd [:sheppy]]

(the exceptions section has been added though)

Comment 8

[a_pis@otenet.gr]

OK. Thanks.

BTW, I don't see how I can set this issue as resolved. Shouldn't the person who starts a thread be also able to close it?
Actually, this should be requested, i.e. when the person who started the thread is satisfied with a solution given. Otherwise, the issue can go on and on beyond its solution!

-- I CONSIDER THIS ISSUE RESOLVED --