|Summary:||Storage Access API doesn't appear to work|
|Component:||WebCore Misc.||Assignee:||John Wilander <wilander>|
|Severity:||Blocker||CC:||beidson, bfulgham, cdumez, gabriel, othree, shahar, sihui_liu, stefan, webkit-bug-importer, wilander, xors.nn, youennf|
Description Martin 2019-01-09 03:17:25 PST
Created attachment 358689 [details] Example code According to https://webkit.org/blog/8124/introducing-storage-access-api/ and https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess there should be two functions: * document.hasStorageAccess(); * document.requestStorageAccess(); despite hasStorageAccess() returning true, and the promise requestStorageAccess() resolving. An iframe (siteB) is still unable to set and get cookies. The iframe is sandboxed with the following attributes: <iframe src = "http://siteB.com" sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin"></iframe> I have attached my example code as a zip.
Comment 2 Gabe 2019-05-25 11:28:26 PDT
This still seems to be happening on Safari 12.1.1 on macOS 10.14.5. The problem seems to goes away if the user first directly accesses "siteB" outside of an iframe. Is this intended behavior? I was under the impression that the purpose of the Storage Access API was to allow third-party iframes to access cookies as long as the user interacts with the document inside the iframe and as long as the iframe requests permission. Requiring the user to have previously accessed the site inside the iframe hurts my use case.
Comment 3 othree 2019-12-09 07:38:21 PST
(In reply to Gabe from comment #2) > This still seems to be happening on Safari 12.1.1 on macOS 10.14.5. > > The problem seems to goes away if the user first directly accesses "siteB" > outside of an iframe. > > Is this intended behavior? I was under the impression that the purpose of > the Storage Access API was to allow third-party iframes to access cookies as > long as the user interacts with the document inside the iframe and as long > as the iframe requests permission. Requiring the user to have previously > accessed the site inside the iframe hurts my use case. Hi Gabe. What do you mean "The problem seems to goes away if the user first directly accesses "siteB" outside of an iframe." Do you able to read and write the cookie in the iframe if you touched the domain outside? I am using Safari 13 but I can't reproduce this behavior. I can only get read only access to the access to the cookie. It must write in a first party role (direct navigate or open a new window).
Comment 4 Sergey 2020-02-19 20:46:36 PST
Comment 5 Sergey 2020-02-19 20:48:51 PST
One addition to my previous comment, everything described there works fine on Firefox.
Comment 6 Shahar Galukman 2020-05-26 02:57:34 PDT
Comment 7 John Wilander 2020-07-16 17:48:14 PDT