[whatwg] [Web-storage] subdomains / cooperation and limits

Brian Kardell bkardell at gmail.com
Tue Sep 18 05:01:23 PDT 2012

On Sep 17, 2012 8:22 PM, "Ian Hickson" <ian at hixie.ch> wrote:
> On Mon, 17 Sep 2012, Brian Kardell wrote:
> >
> > Ian, you hit the nail on the head with the text section that raised the
> > issue but I still am not entirely sure that I understand... Doesn't this
> > imply that in a case like *.wordpress.com would have a (suggested) limit
> > of 5mb combined for all of its tons and tons of subdomains (at least
> > without additional/constant prompting)?
> It wouldn't be "constant" prompting, but yes, the spec does suggest that
> if you visit a dozen WordPress-hosted blogs and they all try to load a
> bunch of content onto your machine, you should probably have to give
> consent or at least be aware of what's going on.
I think I may be starting to fill in my mental gap here, thanks for your
patience.  I think you are saying that each subdomain does get a seperate
area, but the spec encourages prompt or at least informative communication
to the user to prevent at least obvious misuse and runaway scenarios.
Specifically what degree to which they do that are left up to
implementations...is that correct?

> > There are a whole lot of what I would call "common" examples like where
> > it seems (to me anyway) unintuitive given the regularity with which this
> > kind of case would happen to think that that is what is actually
> > proposed.
> What's the alternative? Allowing any site to overload your machine with
> infinite amounts of content isn't really a viable solution.
Blindly, sure, that could be a problem.  If a user can grant permission for
more to a particular domain explicitly, that is mostly mitigated I think.
If I understand, that is the idea with the subdomains limitations.  I will
have to do some more searching to find the conversations I might have
missed as I expect this was all discussed a while back and in following so
many lists I am just missing a few key points.

> > I can understand blocking access to that data pretty easily, but with
> > postMessage, being in the same top-level domain doesn't even matter so
> > it seems that one could just as easily "subvert the limit" that way.
> The difference is that getting a new domain costs money, whereas getting a
> subdomain does not. So the cost of attacking someone with subdomains is
> much lower than with domains.
> > I think it isn't really implemented that way anywhere though, is it?
> > That is, do browsers really share the limit across subdomains like
> > that...
> If they do not, they are likely vulnerable to this kind of griefing.

It would be great if some ms, moz, opera and webkit variant  folks could
chime in with any helpful implementaion details so we could understand the
emerging rationales about how this is being managed effectively, it might
even flesh out additional notes that could be added to the doc.  In the
very least it would be in the archives for future searches.

> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list