Permissions-Policy: storage-access
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Permissions-Policy
header storage-access
directive controls whether a document loaded in a third-party context (i.e. embedded in an <iframe>
) is allowed to use the Storage Access API to request access to unpartitioned cookies.
This is relevant to user agents that by default block access to unpartitioned cookies by sites loaded in a third-party context to improve privacy (for example, to prevent tracking).
Specifically, where a defined policy blocks use of this feature, Document.requestStorageAccess()
calls will return a Promise
that rejects with a DOMException
of type NotAllowedError
.
Syntax
http
Permissions-Policy: storage-access=<allowlist>;
<allowlist>
-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy
> Syntax for more details.
Default policy
The default allowlist for storage-access
is *
.
Specifications
Specification |
---|
The Storage Access API # permissions-policy-integration |
Browser compatibility
BCD tables only load in the browser