[ https://issues.apache.org/jira/browse/CB-11032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15890939#comment-15890939 ]
Shazron Abdullah commented on CB-11032: --------------------------------------- I'm wondering if you could use CSP (Content Security Policy) or even the <access> tags in config.xml > Prevent LocalStorage from being read by other servers/domains > ------------------------------------------------------------- > > Key: CB-11032 > URL: https://issues.apache.org/jira/browse/CB-11032 > Project: Apache Cordova > Issue Type: Wish > Components: Android, iOS > Reporter: Jan Visser > > I have created a Cordova app so that customers can connect to their intranet > or internet server and see dashboards they created there. Their password is > remembered using a token that is refreshed with a new token on every login > and stored in LocalStorage. LocalStorage is scoped to the origin. The origin > of a Cordova app is file:/// or cordova:/// Every server I can connect to can > potentially read the tokens in the LocalStorage. > My question: How can I prevent this? Anyone with an idea how to fix this? Or > are there any better ways to avoid this problem? > I'm willing to put time and effort into this issue to create a solution > myself if necessary but first I would like to discuss what the best way to > implement this in Cordova should be. A new plugin? Or maybe add functionality > to an existing part of Cordova? -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org