[Webkit-unassigned] [Bug 205370] New: There is no way for nested iframes to get storage access

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 17 18:05:40 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=205370

            Bug ID: 205370
           Summary: There is no way for nested iframes to get storage
                    access
           Product: WebKit
           Version: Safari 13
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: bradg at dropbox.com

Storage Access API denies all access to nested iframes (since https://bugs.webkit.org/show_bug.cgi?id=176939), but this results in a problem for legitimate integrations that use iframes to isolate third parties from each other for privacy and security, rather than including third party scripts in the first party context. There is no way I'm aware of to allow users to grant consent to a nested iframe for first party cookies.

There should be some way for these integrations to work after user consent -- currently this is breaking the Dropbox Google Docs integration (go to www.dropbox.com, then create a Google Doc inside Dropbox), even when users disable third party tracking protection.

The use case and comment is also described here: https://github.com/whatwg/html/issues/3338#issuecomment-516231497

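The failure mode in the report above, seen from the embedded frame's side, as an added example that is not part of the original report or of WebKit or Dropbox code. `frameDepth` and `tryStorageAccess` are hypothetical helper names, and the status strings are assumptions chosen for illustration; the only browser API used is `document.requestStorageAccess()`.

```javascript
// Count how many frames sit between this window and the top-level page.
// `parent` is readable across origins, so this works in a third-party frame.
// 0 = top-level document, 1 = direct child iframe, 2+ = nested iframe.
function frameDepth(win) {
  let depth = 0;
  let w = win;
  while (w.parent && w.parent !== w) {
    depth += 1;
    w = w.parent;
  }
  return depth;
}

// Ask for storage access and classify the outcome so the embedding
// integration can show a fallback instead of failing silently.
// Must be invoked from a user-gesture handler (for example a click).
async function tryStorageAccess(win) {
  const depth = frameDepth(win);
  if (depth === 0) {
    return { depth, status: "top-level" }; // first party, nothing to request
  }
  const doc = win.document;
  if (typeof doc.requestStorageAccess !== "function") {
    return { depth, status: "unsupported" };
  }
  try {
    await doc.requestStorageAccess();
    return { depth, status: "granted" };
  } catch (err) {
    // Per the report, a frame nested below the top-level page's direct
    // children is always rejected, so no prompt or retry will help there.
    // At depth 1 a rejection can also mean the user declined.
    return { depth, status: depth > 1 ? "rejected-nested" : "rejected" };
  }
}

// Browser usage (assumed element id):
// document.getElementById("connect").addEventListener("click", async () => {
//   const result = await tryStorageAccess(window);
//   if (result.status !== "granted") { /* show a fallback, e.g. open top-level */ }
// });
```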