-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Storage of authentication details fails in Safari when using Private Window #160
Comments
@chriswait can you set/modify cookies from JS in Safari when in private mode? That could mitigate the storage aspect, so it could fallback to cookie storage if local storage is unavailable. |
@liamdawson Yeah, they can be set/modified, and they're cleared when the private window is closed. The base config uses The Storage class only appears able to return I wondered if falling back to At a minimum, improving the checking to cover the 'read only' case would at least result in a clearer error being reported by aurealia-auth. The long term solution looks like implementing cookies, which would provide storage at least until the browser window is closed. |
Just noticed that storing authentication details using cookies is already a feature request in issue #156 - if cookie-storage were to be implemented then adding some kind of graceful fallback would solve this issue. |
Background:
When Safari is in Private Window mode, localStorage is disabled by design (marcuswestin/store.js#42, https://spin.atomicobject.com/2013/01/23/ios-private-browsing-localstorage/). It appears that conventional checks will report localStorage exists, but calling setItem will cause an error as it only exists in a read-only capacity. These checks are currently conducted in https://github.com/paulvanbladel/aurelia-auth/blob/master/src/storage.js#L16
Issue:
The storage implementation in aurelia-auth tests to see if localStorage is available, but is unable to detect that it is essentially disabled due to Private Window mode.
Thus, when the user attempts to log in, we see the following message in the console:
QuotaExceededError: DOM Exception 22: An attempt was made to add something to storage that exceeded the quota.
This error is produced during theset
operation in https://github.com/paulvanbladel/aurelia-auth/blob/master/src/storage.js#L12, as we are storing the authentication details coming from the login (the state, in my case).Potential Mitigation
When checking to see if localStorage exists, aurelia-auth/src/storage.js could also check to see if it is able to write a value to localStorage and read this value back. I'm unsure of what the desired behaviour would be in this case.
Details
The text was updated successfully, but these errors were encountered: