The Storage Access API allows access to first-party storage in a third-party context when a user has provided a direct intent to allow storage that would otherwise be blocked by the browser’s current configuration.

Motivation

As privacy is becoming increasingly important to users, requests for stricter browser defaults and user opt-in settings like blocking all third-party storage access are increasingly common. While these settings help improve privacy and block unwanted access by unknown or untrusted parties, they can have unwanted side effects such as blocking access to content the user may want to view (e.g. social media and embedded media content). Users shouldn't have to compromise between privacy protections and enabling sites' embedded content to function correctly. The Storage Access API is a JavaScript API that allows fine-grained control of storage access permissions when access would otherwise be denied by the browser's current settings. Sites with meaningful scenarios that depend on loading third-party resources will be able to leverage the API to allow the user to explicitly choose, on an as-needed basis, when to allow more permissive access.

Demo

• https://webkit.org/blog/8124/introducing-storage-access-api/

Documentation

• https://docs.google.com/document/d/1q5Q-8MJcfZamGAXLpjiXiPYR1Tov5JOGw0Z8Fv0TWFk/

Specification

Public discussion

Status in Chromium

Blink components: Privacy

In development (tracking bug)

Consensus & Standardization

• Firefox: Shipped/Shipping
• Edge: In development
• Safari: Shipped/Shipping
• Web Developers: No signals

Owners

• brandm@microsoft.com
• ericlaw@microsoft.com

Last updated on 2021-01-02