Comments (3)
Hi, there are two different proposals that might be relevant here, with a bunch of caveats though:
- The requestStorageAccessFor proposal allows top-level sites to request storage access on behalf of another site, however, it currently only works within RWS and, crucially, it still requires a call to `requestStorageAccess()` from the iframe itself (or header usage, see below), for security reasons.
- The Storage Access API Headers proposal (currently prototyping in Chrome) will remove the need for each `requestStorageAccess()` call, but it will only work if a prior storage access permission had been granted in some way, i.e. the iframe could call `requestStorageAccess()` once, get user permission, and on every subsequent load use the headers to avoid janky UX.
Can you share some more details about your use case? Are you not in control of the iframe in question?
from storage-access.
My use case -
I have a web app where a 3P widget is hosted. When I visit the page with Chrome 3P flag turned on, I'm asked to log in using that widget. In today's world the login is not needed as when the widget loads it automatically sets the cookies which are needed to sign in.
What I need to solve is how the 3P cookies which are being set will continue to be set post 3PCD. Can I, as a hosting system, do something to make it work? The widgets are hosted using iFrames. Hosting party is Salesforce.
from storage-access.
Thanks! I don't think that there's a lot that you as a hosting system can do in this case, since the 3P needs to do at least some work to opt into 3PC access. As a stop-gap solution, browsers like Chrome and Firefox have per-site user toggles to temporarily disable 3PC blocking, but longer term Salesforce will have to fix this so I suggest that you reach out to them (judging by their engagement on 3PCD overall I can imagine they're aware of and working on a fix to the issue).
I'm closing this as it doesn't seem relevant to Storage Access per se, feel free to ask more general questions about Chrome's 3PCD rollout etc. in https://github.com/privacysandbox/privacy-sandbox-dev-support
from storage-access.
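The iframe-side opt-in discussed in the thread, as an added example that is not part of the original comments or of the storage-access repository: the embedded widget checks for existing access, reuses a previously granted permission without a prompt, and otherwise waits for a user gesture. The `doc`/`perms` parameters, the returned status strings and the `#sign-in` button are assumptions of this sketch.

```javascript
// Added example: runs inside the embedded third-party iframe, not the hosting page.
// `doc` and `perms` are injected (document / navigator.permissions in a browser)
// so the flow can be exercised with stubs outside a browser.
async function ensureStorageAccess(doc, perms) {
  // Unpartitioned cookies are already available to this frame.
  if (await doc.hasStorageAccess()) return 'already-granted';

  // A permission granted on an earlier visit lets requestStorageAccess()
  // resolve without a user gesture or prompt.
  let state = 'prompt';
  try {
    state = (await perms.query({ name: 'storage-access' })).state;
  } catch (_) {
    // Browser does not expose the 'storage-access' permission; treat as 'prompt'.
  }
  if (state !== 'granted') return 'needs-gesture';

  try {
    await doc.requestStorageAccess();
    return 'granted';
  } catch (_) {
    return 'denied';
  }
}

// Call from a click handler when ensureStorageAccess() returned 'needs-gesture'.
async function requestOnGesture(doc) {
  try {
    await doc.requestStorageAccess(); // may show the browser's permission prompt
    return 'granted';
  } catch (_) {
    return 'denied';
  }
}

// Browser wiring; '#sign-in' is a hypothetical button inside the widget.
if (typeof document !== 'undefined') {
  ensureStorageAccess(document, navigator.permissions).then((result) => {
    if (result !== 'needs-gesture') return;
    document.querySelector('#sign-in').addEventListener('click', async () => {
      // Reload so the frame's requests carry its unpartitioned cookies.
      if ((await requestOnGesture(document)) === 'granted') location.reload();
    });
  });
}
```

The hosting page cannot run this on the widget's behalf; it has to ship in the third party's own iframe document.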