This is a great question, Paul! There's no circumvention of hostname restrictions and you're right to note this is by design.
I would implement your IDB stores on a page served from the secure domain, then talk to it across protocols via postMessage
. That way you can use your IDB store on both http
and https
pages. (Obviously, doing this the otherway around would result in an insecure content warning.)
I've not tried this myself, but had great success sending data back and forth between Web Worker
and client so I imagine a postMessage
interface not to be much different. Although there's a limitation in what data types you can pass via postMessage
, all data in IDB has to be able to be "structured cloned" anyways meaning you can't store functions and such and wouldn't be missing out here.