OPFS calls fail and raise exceptions in cross-site iframes
Categories
(Core :: DOM: File, defect)
Tracking
()
People
(Reporter: barry, Assigned: jjalkanen)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Steps to reproduce:
Open a site with a cross-site iframe (i.e. not same origin, nor same site).
For example: https://www.tunetheweb.com/experiments/opfs/
Open the console, switch to the iframe, and type the following in the console:
await navigator.storage.getDirectory()
Note the error:
Uncaught (in promise) DOMException: Security error when calling GetDirectory
<anonymous> debugger eval code:2
<anonymous> debugger eval code:3
debugger eval code:2
This also appears on page load, because the test page calls that function on load.
Actual results:
OPFS calls like navigator.storage.getDirectory() fail and raise an exception
Expected results:
The OPFS should be available in cross-site iframes (it is in Chrome and Safari).
It should be partitioned instead of not work and raise an exception.
|
||
Comment 1•11 months ago
|
||
Looking at the demo, it seems like Firefox erroneously fails the spec at the second step of the the getDirectory() method steps.
|
||
Comment 2•11 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: File' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Updated•11 months ago
|
|
Assignee | |
Updated•11 months ago
|
|
||
Updated•11 months ago
|
|
|
Assignee | |
Comment 3•11 months ago
|
||
|
|
Assignee | |
Updated•11 months ago
|
|
|
Assignee | |
Comment 4•10 months ago
|
||
Depends on D197518
|
||
Updated•10 months ago
|
Description
•