Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

storing token in localstorage with safari iOS ("The operation is insecure") #1120

Open
acomito opened this issue Feb 25, 2021 · 4 comments
Open
Labels

Comments

@acomito
Copy link

acomito commented Feb 25, 2021

Not really a bug but thought it could be good to have this conversation here for posterity.

I never noticed this before, but if you try to use localStorage with safari, you get an error "The operation is insecure" and you can't store anything in localStorage.

I think this used to only be in private mode, but I'm seeing it in normal browsing too.

Anybody else running into this as of late? Are you storing your JWT in localstorage or elsewhere (I know this is frowned upon by a lot of people)?

Does accountsjs have other options (sessions/cookies)?

There are some other packages like store.js and localForage that may be a work around

https://github.com/localForage/localForage

I'm using local-storage-fallback right now, which let's people log in, but it won't persist if you refresh the page.

@acomito acomito added the bug label Feb 25, 2021
@pradel
Copy link
Member

pradel commented Mar 18, 2021

Okay this is really bad, I wasn't aware of this, is there some other recommended storage?
As a workaround you can store in js-cookies to get persistent sessions on safari

@acomito
Copy link
Author

acomito commented Mar 19, 2021

Were you able to reproduce it?

@pradel
Copy link
Member

pradel commented Mar 19, 2021

I didn't try but didn't get any complaints from our users so far

@acomito
Copy link
Author

acomito commented Mar 22, 2021

I can't seem to get js-cookie to work on iOS... right now I'm using local-storage-fallback like this


  getLocalStorage: (valueName) => {
    try {
      if (!iOS()) {
        return window.localStorage.getItem(valueName);
      } else {
        return storage.getItem(valueName);
      }
    } catch (err) {
      throw new Error(err.message);
    }
  },
  setLocalStorage: (valueName, valueToSet) => {
    try {
      if (!iOS()) {
        return window.localStorage.setItem(valueName, valueToSet);
      } else {
        return storage.setItem(valueName, valueToSet);
      }
    } catch (err) {
      throw new Error(err.message);
    }
  },
  removeLocalStorage: (valueName) => {
    try {
      if (!iOS()) {
        return window.localStorage.removeItem(valueName);
      } else {
        return storage.removeItem(valueName);
      }
    } catch (err) {
      throw new Error(err.message);
    }
  },

The only issue is if we do a page refresh, it looses the token.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants