8

I need to store a users profile and his preferences in a localStorage object \ cookies in a way that they'll be accessible(readable) and writable from both the web-app, and the chrome extension (that are basically part of the same product).

I found this cool library and this article that specifies how to use it.

The problem is that xauth.org is down, and so is the server page that is required to use the library.

Any alternatives

Charles
  • 50,943
  • 13
  • 104
  • 142
Oleg Belousov
  • 9,981
  • 14
  • 72
  • 127
  • Err. Context scripts share access to domain's `localStorage`. – Xan Jul 09 '14 at 11:00
  • the domain is chrome-extension://{id} thus not accessible from the web, or am I missing something? – Oleg Belousov Jul 09 '14 at 11:01
  • Note: [*content* scripts](https://developer.chrome.com/extensions/content_scripts). If you inject a script into the page in question, `localStorage` will be shared. – Xan Jul 09 '14 at 11:02
  • So, basically you are suggesting to add the web-app's domain to the list of matching domains, and then the chrome.localStorage object will be available from the web, even on non-chrome browsers?, doesn't sound rational – Oleg Belousov Jul 09 '14 at 11:06
  • What's `chrome.localStorage`? Are you confusing things with `chrome.storage.local`? – Xan Jul 09 '14 at 11:07
  • Yup, I am using `chrome.storage.sync.set` and `chrome.storage.sync.get`. Does it make things more tricky? – Oleg Belousov Jul 09 '14 at 11:12
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/57012/discussion-between-oleg-tikhonov-and-xan). – Oleg Belousov Jul 09 '14 at 11:17

2 Answers2

9

You can use both localStorage and cookies.

  1. If you inject a content script in the web app's page, its localStorage is shared with domain's own storage. You can then communicate with your background script to pass information.

  2. If you include "cookies" permission in your manifest, you can manipulate cookies using chrome.cookies API.

Edit: You can also make your extension externally connectable from the web app to maintain synchronization of the changes.

Xan
  • 74,770
  • 16
  • 179
  • 206
1

Update 2016

This cross-storage from zendesk is a great alternative to the 2 librarys that you mention

Even better you can config which client site/domain has a specific permission (either to get, set, delete)

Sample codes: 

Hub

// Config s.t. subdomains can get, but only the root domain can set and del
CrossStorageHub.init([
  {origin: /\.example.com$/,            allow: ['get']},
  {origin: /:\/\/(www\.)?example.com$/, allow: ['get', 'set', 'del']}
]);

Note the $ for matching the end of the string. The RegExps in the above example will match origins such as valid.example.com, but not invalid.example.com.malicious.com.

Client

var storage = new CrossStorageClient('https://store.example.com/hub.html');

storage.onConnect().then(function() {
  return storage.set('newKey', 'foobar');
}).then(function() {
  return storage.get('existingKey', 'newKey');
}).then(function(res) {
  console.log(res.length); // 2
}).catch(function(err) {
  // Handle error
});
super1ha1
  • 629
  • 1
  • 10
  • 17