@buren
Created November 1, 2017 10:21
Cross origin local storage sharing example (using an iframe and postMessage)
const CrossOriginLocalStorage = function(currentWindow, iframe, allowedOrigins, onMessage) {
  this.allowedOrigins = allowedOrigins;

  let childWindow;
  // Some browser (don't remember which one) throws an exception when you try to access
  // contentWindow for the first time; it works when you do it a second time.
  try {
    childWindow = iframe.contentWindow;
  } catch(e) {
    childWindow = iframe.contentWindow;
  }

  // Only messages from an allowed origin reach the onMessage callback.
  currentWindow.onmessage = (event) => {
    if (!this.isAllowedOrigin(event.origin)) {
      return;
    }
    return onMessage(JSON.parse(event.data), event);
  };

  this.isAllowedOrigin = (origin) => {
    return this.allowedOrigins.includes(origin);
  }

  // Ask the iframe to read a key; the value comes back via onMessage.
  this.getData = (key) => {
    const messageData = {
      key: key,
      method: 'get',
    }
    this.postMessage(messageData);
  }

  // Ask the iframe to store data under a key.
  this.setData = (key, data) => {
    const messageData = {
      key: key,
      method: 'set',
      data: data,
    }
    this.postMessage(messageData);
  }

  this.postMessage = (messageData) => {
    // Note: a targetOrigin of '*' places no restriction on the receiving origin.
    childWindow.postMessage(JSON.stringify(messageData), '*');
  }
};
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Index</title>
    <script src="/cross-origin-local-storage.js" charset="utf-8"></script>
  </head>
  <body>
    <iframe src="http://localhost:4200/session-iframe.html" width="300px" height="300px"></iframe>
    <script>
      const allowedOrigins = [
        'https://example.com',
        'https://app.example.com',
        'http://localhost:8000',
        'http://localhost:4200'
      ];
      window.onload = () => {
        const onMessage = (payload, event) => {
          const data = payload.data;
          switch (payload.method) {
            case 'storage#get':
              console.log('message data', payload);
              break;
            default:
              console.error('Unknown method "' + payload.method + '"', payload);
          }
        };
        const iframe = document.getElementsByTagName('iframe')[0];
        const cross = new CrossOriginLocalStorage(window, iframe, allowedOrigins, onMessage);
        cross.setData('name', 'buren')
        cross.getData('name')
      };
    </script>
  </body>
</html>
<!doctype html>
<html>
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="theme-color" content="#222531">
  </head>
  <body>
    <h1>Session Iframe</h1>
    <script type="text/javascript">
      const allowedOrigins = [
        'https://example.com',
        'https://app.example.com',
        'http://localhost:8000',
        'http://localhost:4200'
      ];
      window.onmessage = (e) => {
        // Ignore messages from origins that are not on the list.
        if (!allowedOrigins.includes(e.origin)) {
          return;
        }
        const payload = JSON.parse(e.data);
        switch(payload.method) {
          case 'set':
            localStorage.setItem(payload.key, JSON.stringify(payload.data));
            break;
          case 'get': {
            const parent = window.parent;
            const data = localStorage.getItem(payload.key);
            const returnPayload = {
              method: 'storage#get',
              data: data
            }
            // Note: '*' does not restrict which origin receives the stored value.
            parent.postMessage(JSON.stringify(returnPayload), '*');
            break;
          }
          case 'remove':
            localStorage.removeItem(payload.key);
            break;
        }
      };
    </script>
  </body>
</html>
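
The iframe handler above replies with `parent.postMessage(..., '*')`, parses `e.data` unguarded, and lets any allowed origin read any key. The following is an added example, not part of the gist: a hardened variant of that handler that replies only to the verified origin. `handleStorageMessage`, `ALLOWED_KEYS`, the return shape and the two constructed stand-ins (`makeMemoryStorage`, `makeEvent`) are names assumed here.

```javascript
// Added example (not the gist's code): hardened version of the iframe's message handler.
// ALLOWED_KEYS and the { ok, reason } return shape are assumptions made for this sketch.
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'http://localhost:8000']);
const ALLOWED_KEYS = new Set(['name']);

function handleStorageMessage(event, storage) {
  // 1. Exact-match origin check, as in the gist.
  if (!ALLOWED_ORIGINS.has(event.origin)) return { ok: false, reason: 'origin' };
  // 2. Data may be a non-string or non-JSON value; never let parsing throw.
  if (typeof event.data !== 'string') return { ok: false, reason: 'format' };
  let payload;
  try { payload = JSON.parse(event.data); } catch (err) { return { ok: false, reason: 'format' }; }
  if (payload === null || typeof payload !== 'object') return { ok: false, reason: 'format' };
  // 3. Expose only the keys this integration needs, not the whole localStorage.
  if (!ALLOWED_KEYS.has(payload.key)) return { ok: false, reason: 'key' };
  switch (payload.method) {
    case 'set':
      storage.setItem(payload.key, JSON.stringify(payload.data));
      return { ok: true };
    case 'remove':
      storage.removeItem(payload.key);
      return { ok: true };
    case 'get': {
      const reply = { method: 'storage#get', key: payload.key, data: storage.getItem(payload.key) };
      // 4. Reply to the sender, restricted to the origin that was just verified,
      //    instead of parent.postMessage(..., '*').
      event.source.postMessage(JSON.stringify(reply), event.origin);
      return { ok: true };
    }
    default:
      return { ok: false, reason: 'method' };
  }
}

// Constructed stand-ins so the handler also runs outside a browser.
function makeMemoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}
function makeEvent(origin, data, sent) {
  return { origin, data, source: { postMessage: (msg, targetOrigin) => sent.push({ msg, targetOrigin }) } };
}
// In the iframe page: window.onmessage = (e) => handleStorageMessage(e, localStorage);
```
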
@genesishash

created a repo that makes this a bit nicer, allows for 2-way sync between top.localStorage and the frame.

https://github.com/tosadvisor/xdomls

@buren
Author

buren commented Oct 19, 2020

@tosadvisor cool!

@yangon99

yangon99 commented Sep 16, 2023

NOTICE: Chrome now has a feature called "storage partitioning". This new feature may make the actual situation not match the expectations.

MDN page: State Partitioning

@emafriedrich

It is not working right now. The state partitioning that @yangon99 mentioned seems to be responsible. Tested on Firefox and Chrome in their latest versions.
