[Webkit-unassigned] [Bug 205370] New: There is no way for nested iframes to get storage access
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 17 18:05:40 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=205370
Bug ID: 205370
Summary: There is no way for nested iframes to get storage
access
Product: WebKit
Version: Safari 13
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore JavaScript
Assignee: webkit-unassigned at lists.webkit.org
Reporter: bradg at dropbox.com
Storage Access API denies all access to nested iframes (since https://bugs.webkit.org/show_bug.cgi?id=176939), but this results in a problem for legitimate integrations that use iframes to isolate third parties from each other for privacy and security, rather than including third party scripts in the first party context. There is no way I'm aware of to allow users to grant consent to a nested iframe for first party cookies.
There should be some way for these integrations to work after user consent -- currently this is breaking the Dropbox Google Docs integration (go to www.dropbox.com, then create a Google Doc inside Dropbox), even when users disable third party tracking protection.
The use case and comment is also described here: https://github.com/whatwg/html/issues/3338#issuecomment-516231497
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191218/9ba5a7aa/attachment.htm>
More information about the webkit-unassigned
mailing list