Permissions-Policy: storage-access
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Permissions-Policy header storage-access directive controls whether a document loaded in a third-party context (i.e. embedded in an <iframe>) is allowed to use the Storage Access API to request access to unpartitioned cookies.
This is relevant to user agents that by default block access to unpartitioned cookies by sites loaded in a third-party context to improve privacy (for example, to prevent tracking).
Specifically, where a defined policy blocks use of this feature, Document.requestStorageAccess() calls will return a Promise that rejects with a DOMException of type NotAllowedError.
Syntax
http
Permissions-Policy: storage-access=<allowlist>;
<allowlist>-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy> Syntax for more details.
Default policy
The default allowlist for storage-access is *.
Specifications
| Specification |
|---|
| The Storage Access API # permissions-policy-integration |
Browser compatibility
BCD tables only load in the browser