localStorage throws Security error: "The operation is insecure"!

RESOLVED INCOMPLETE

Status

P5
normal
RESOLVED INCOMPLETE
a year ago
a year ago

People

(Reporter: a_pis, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

a year ago
:: Developer Documentation Request

      Request Type: Correction
     Gecko Version: 54 Branch
 Technical Contact: 

:: Details

localStorage throws Security error: "The operation is insecure"!
So all the effort you have done to explain how localStorage works, is in vain (at least for those cases that can't use it). I am sure this is not new to you, so why don't you mentio the problem at start so that people at least know what they should expect?
Can you explain what actually you did?
Do you have a standalone testcase that throws the error?
How it doesn't match to what you expected at the beginning?
Flags: needinfo?(a_pis)
(Reporter)

Comment 2

a year ago
Oh, I'm sorry, I assumed it was obvious ... Here is a JS exemple:

  localStorage.setItem("stored", str);  // Storing a string
  str = localStorage.getItem("stored"); // Retrieve the string (at some other point)

I have met this in quite a few places in the Web, and no one mentions that there might be a security error!(In reply to Tooru Fujisawa [:arai] from comment #1)
> Can you explain what actually you did?
> Do you have a standalone testcase that throws the error?
> How it doesn't match to what you expected at the beginning?

(In reply to Tooru Fujisawa [:arai] from comment #1)
> Can you explain what actually you did?
> Do you have a standalone testcase that throws the error?
> How it doesn't match to what you expected at the beginning?
Flags: needinfo?(a_pis)
where do you run the JS code?
also, in your code, str is not defined, so I think that's not complete code.
Flags: needinfo?(a_pis)
(Reporter)

Comment 4

a year ago
... But, this is an example, not the actual code! Of course the 'str' has been previously defined!
Never mind, forget about the problem.
Flags: needinfo?(a_pis)
The problem here is that we need to know:

* Which line is generating the error, so we know which method to investigate?

* Do you have anything configured in your browser's security policies which would prevent the domain under which the code is running from persisting data?

* Which browser and browser version is this happening in? Or does it happen in multiple browsers?

* What is the document origin? If you can't share that, replace the sensitive components of the origin with something generic, leaving the structure intact. For example, http://www.mytopsecretsite.com/secretpage.html could become "http://www.example.com/page.html" and http://www.mysite.com:600 could become "http://www.mysite.com:8080".

These details matter.

That said, yes, it's an error that the page doesn't include an "Exceptions" section, since exceptions can happen.
Flags: needinfo?(a_pis)
(Reporter)

Comment 6

a year ago
Thank you for your reply, Eric. I have kind of forgotten about this issue. And I hd dropped the idea, finding another solution. 
But now that you brought the issue back, I tried again -- with a later version of Firefox (55.0) that I installed a few minutes ago -- and it works fine! What a timing!

(BTW, version 55 also solved the problem with autorefreshing of Google pages, i.e. losing focus on a Google page after moving to another webpage and coming back -- something really annoying! I am not sure though if it's the new version that solved the problem or the upgrading setup process??)
Flags: needinfo?(a_pis)
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INCOMPLETE
(the exceptions section has been added though)
(Reporter)

Comment 8

a year ago
OK. Thanks.

BTW, I don't see how I can set this issue as resolved. Shouldn't the person who starts a thread be also able to close it?
Actually, this should be requested, i.e. when the person who started the thread is satisfied with a solution given. Otherwise, the issue can go on and on beyond its solution!

-- I CONSIDER THIS ISSUE RESOLVED --
You need to log in before you can comment on or make changes to this bug.