We should change the policy so that non-sandboxed iframes are allowed to use the API. If the iframe is sandboxed, it still needs the 'allow-storage-access-by-user-activation' token.
<rdar://problem/36184501>
Created attachment 330056 [details] Patch
Comment on attachment 330056 [details] Patch Looks good. r=me.
Comment on attachment 330056 [details] Patch Thanks, Brent!
Comment on attachment 330056 [details] Patch Clearing flags on attachment: 330056 Committed r226244: <https://trac.webkit.org/changeset/226244>
All reviewed patches have been landed. Closing bug.