NEW 219582
hasStorageAccess() should return false for embedded documents that have never set cookies in the first-party context
https://bugs.webkit.org/show_bug.cgi?id=219582
Steven Englehardt
Reported 2020-12-06 10:08:46 PST
Tested in Safari Tech Preview v 14.1.

STR (on a clean profile):
1. Go to https://englehardt-tracker.com/index.html and interact with the page.
2. Go to https://senglehardt.com/test/dfpi/storage_access_api.html.
3. In the third iframe from englehardt-tracker.com, click requestStorageAccess(). Click allow in the storage access prompt.
4. Click hasStorageAccess().

Expected result: hasStorageAccess() returns `false`. Though englehardt-tracker.com was previously visited as a first party (and received user interaction), it did not set cookies as a first party. Thus Safari will still prevent it from setting or retrieving cookies, even after the user has approved storage access via requestStorageAccess.

Actual result: hasStorageAccess() returns `true`, but the embedded frame is unable to set / retrieve cookies.

From a developer perspective it might actually make more sense to add the additional cookie restriction as another requirement for requestStorageAccess(). I.e., automatically deny requestStorageAccess if the requesting origin hasn't been visited, interacted with, and set a cookie as a first party. Alternatively you could consider unblocking cookies after a successful call to requestStorageAccess(), even if the embedded origin had never set a cookie in the first-party context.
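
A check an embedded page could run after requestStorageAccess() resolves, so that it does not rely on hasStorageAccess() alone in the situation reported above. This is an added example, not part of the bug report or of WebKit's code. The names `makeFakeDocument`, `cookieRoundTrip`, `effectiveStorageAccess` and the probe cookie name are hypothetical, and the fake document is a constructed stand-in for `document`.

```javascript
// Constructed stand-in for `document` so the check runs outside a browser.
// `reported` is what hasStorageAccess() resolves to; `blocked` drops cookie writes.
function makeFakeDocument(reported, blocked) {
  const jar = new Map();
  return {
    hasStorageAccess: async () => reported,
    get cookie() {
      return [...jar].map(([k, v]) => `${k}=${v}`).join("; ");
    },
    set cookie(str) {
      if (blocked) return; // the write is silently ignored, as in the report
      const [pair, ...attrs] = str.split(";").map((s) => s.trim());
      const eq = pair.indexOf("=");
      const expired = attrs.some((a) => a.toLowerCase() === "max-age=0");
      if (expired) jar.delete(pair.slice(0, eq));
      else jar.set(pair.slice(0, eq), pair.slice(eq + 1));
    },
  };
}

// Write a short-lived probe cookie, read it back, then expire it.
function cookieRoundTrip(doc, name = "__sa_probe") {
  const attrs = "Path=/; SameSite=None; Secure";
  const value = Date.now().toString(36);
  doc.cookie = `${name}=${value}; Max-Age=60; ${attrs}`;
  const ok = doc.cookie.split("; ").includes(`${name}=${value}`);
  doc.cookie = `${name}=; Max-Age=0; ${attrs}`;
  return ok;
}

// Compare what the API reports with what the cookie jar actually allows.
async function effectiveStorageAccess(doc) {
  const reported =
    typeof doc.hasStorageAccess === "function" ? await doc.hasStorageAccess() : null;
  const usable = cookieRoundTrip(doc);
  return { reported, usable, mismatch: reported !== null && reported !== usable };
}
```

In a browser, pass `document` from inside the iframe; the `Secure` probe cookie assumes the frame is served over HTTPS.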
Radar WebKit Bug Importer
Comment 1 2020-12-06 10:51:02 PST