diff --git a/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php b/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php
new file mode 100644
index 0000000000000..a373506f177da
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-storage-dom-access.php
@@ -0,0 +1,28 @@
+
+
+
+
+Verifies that localStorage and sessionStorage are not accessible from within a suborigin
+
+
+
+
+
+
+
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h
index fb08499b150b1..6b068837ec647 100644
--- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h
+++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h
@@ -170,7 +170,7 @@ class PLATFORM_EXPORT SecurityOrigin : public RefCounted {
bool isGrantedUniversalAccess() const { return m_universalAccess; }
bool canAccessDatabase() const { return !isUnique(); }
- bool canAccessLocalStorage() const { return !isUnique(); }
+ bool canAccessLocalStorage() const { return !isUnique() && !hasSuborigin(); }
bool canAccessSharedWorkers() const { return !isUnique(); }
bool canAccessServiceWorkers() const { return !isUnique() && !hasSuborigin(); }
bool canAccessCookies() const { return !isUnique(); }