205370 2019-12-17 18:05:40 -0800 ER: There is no way for nested iframes to get storage access 2021-02-10 11:03:01 -0800 1 1 1 Unclassified WebKit WebCore JavaScript Safari 13 Unspecified Unspecified RESOLVED DUPLICATE 216019 InRadar P2 Normal --- 1 brad.girardeau webkit-unassigned bfulgham mattcoz webkit-bug-importer wilander oldest_to_newest 1599647 0 brad.girardeau 2019-12-17 18:05:40 -0800 Storage Access API denies all access to nested iframes (since https://bugs.webkit.org/show_bug.cgi?id=176939), but this results in a problem for legitimate integrations that use iframes to isolate third parties from each other for privacy and security, rather than including third party scripts in the first party context. There is no way I'm aware of to allow users to grant consent to a nested iframe for first party cookies. There should be some way for these integrations to work after user consent -- currently this is breaking the Dropbox Google Docs integration (go to www.dropbox.com, then create a Google Doc inside Dropbox), even when users disable third party tracking protection. The use case and comment is also described here: https://github.com/whatwg/html/issues/3338#issuecomment-516231497 1599668 1 webkit-bug-importer 2019-12-17 19:10:20 -0800 <rdar://problem/58030067> 1600492 2 wilander 2019-12-19 14:09:06 -0800 This is an enhancement request. 1637952 3 mattcoz 2020-04-05 14:28:23 -0700 This is a breaking issue for my application. My content is being loaded in a third party context, and I can successfully request storage access, but my content loads additional content in a nested iframe that can't get storage access, even though it is at the same domain as the parent that requested storage access. If you want to continue blocking the storage access request from the nested iframe, storage access should propagate to nested iframes when they are at the same domain. 1684936 4 wilander 2020-09-02 13:00:08 -0700 This has now been resolved in https://bugs.webkit.org/show_bug.cgi?id=216019. Sorry for the forward dupe. *** This bug has been marked as a duplicate of bug 216019 *** 1727641 5 wilander 2021-02-10 11:03:01 -0800 https://webkit.org/blog/11545/updates-to-the-storage-access-api/