safari storage access api not granting access in iframe

Question

Yes as far I have seen the way to grant request access to storage api is to ask for user gesture in iframe, but even I am unable to get the pop-up as well as when initating user gesture and calling the requeststorageaccess() fn through the button click in iframe , its still denying the storage access to third party cookies.

this https://webkit.org/blog/8124/introducing-storage-access-api/ article suggest to use iframe for requesting storage access if doesn't have access.

I have tried it in this way but its not working , if someone could help .... the third party cookie is shown as expired in safari , so in order to request storage access for it we needed user gesture in iframe

<script>

    function onLoginClicked() {
        document.requestStorageAccess().then(() => {
            console.log('Access granted: Safe to access storage now');
            settingCookie();
        }).catch(e => {
            console.log("access denied")
        });
    }

    function settingCookie() {

        document.cookie = "lastname=kumar";
        console.log(document.cookie);
    }

    if (navigator.userAgent.search("Safari") >= 0 && navigator.userAgent.search("Chrome") < 0) {
        document.addEventListener("DOMContentLoaded", () => {
            document.hasStorageAccess().then(access => {
                if (access) {
                    console.log('has access');
                    settingCookie();
                } else {
                    console.log('no access')
                }
            });
        });


    }
    else {
        console.log('not safari browser')
    }

I’m also unable to figure this out. – Florian Schulz Oct 18 '21 at 07:58 — Florian Schulz, Oct 18 '21 at 07:58
@FlorianSchulz Any Updates on this front? – KreutzerCode Jun 08 '22 at 11:48 — KreutzerCode, Jun 08 '22 at 11:48

score 0 · Answer 1 · answered Jun 30 '22 at 20:13

It's because it's basically broken.

FireFox has also implemented the Storage Access API and it works as documented.

For Safari you can kind of make it work by doing the following:

Have the user go to the page that will be in the iframe 1st and set the cookie
Load the page with the iframe and have the iframe page call hasStorageAccess() - this call should not be in an event handler
If the value is false have the iframe page present a button that user must click to allow access. In the button event handler call requestStorageAccess.
The user will be prompted by Safari to grant access

After all of this, the page in the iframe will only have access if the url doesn't change at all. If anything changes - another subpage or even a change in query string params will force the page to request access again.

This is ridiculous. For use we use Iframes a part of cross-domain authentication scheme so it is completely unusable in Safari, but works in every other browser on the planet. Makes me wish for the days IE.

Safari has 12% of the market share because it's on all apple devices -- otherwise I would recommend that company refuse to support it at all.

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). — Community, Jul 01 '22 at 09:50

safari storage access api not granting access in iframe

1 Answers1