This launches the proposed extension of the Storage Access API (backwards compatible and currently in OT) to allow access to unpartitioned cookie and non-cookie storage in a third-party context. The current API only provides access to cookies, which have different use-cases than non-cookie storage (discussed more in the Motivation section). The API can be used as follows (JS running in an embedded iframe): // Request a new storage handle via rSA (this may prompt the user) let handle = await document.requestStorageAccess({all: true}); // Write some 1P context sessionstorage handle.sessionStorage.setItem("userid", "1234"); // Write some 1P context localstorage handle.localStorage.setItem("preference", "A"); // Open or create an indexedDB that is shared with the 1P context let messageDB = handle.indexedDB.open("messages"); // Use locks shared with the 1P context await handle.locks.request(“example”, …); The same flow would be used by iframes to get a storage handle when their top-level ancestor successfully called requestStorageAccessFor, just that in this case the storage-access permission was already granted and thus the requestStorageAccess call would not require a user gesture or show a prompt, allowing for “hidden” iframes accessing storage.
There has been increasing developer and implementer interest in first-party DOM Storage and Quota Managed Storage being available in third-party contexts the same way that cookies can be today. In the absence of such a solution, browsers would in effect be pushing developers to migrate to cookies from other storage mechanisms. There are tradeoffs between cookie and non-cookie storage (size, flexibility, server exposure, network request size, etc.) that could impact user experience from a privacy, security and performance perspective (e.g., cookies are included in HTTP requests and not just available via JavaScript). To prevent sub-optimal use of cookies and to preserve context, we propose a solution for developers to regain 3p access to unpartitioned storage to avoid user-facing breakage in browsers shipping storage partitioning.