Permissions-Policy: storage-access
Experimental:This is anexperimental technology
Check theBrowser compatibility tablecarefully before using this in production.
The HTTPPermissions-Policy
headerstorage-access
directive controls whether a document loaded in a third-party context (i.e. embedded in an<iframe>
) is allowed to use theStorage Access APIto request access to unpartitioned cookies.
This is relevant to user agents that by default block access to unpartitioned cookies by sites loaded in a third-party context to improve privacy (for example, to prevent tracking).
Specifically, where a defined policy blocks use of this feature,Document.requestStorageAccess()
calls will return aPromise
that rejects with aDOMException
of typeNotAllowedError
.
Syntax
Permissions-Policy: storage-access=<allowlist>;
<allowlist>
-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy
> Syntaxfor more details.
Default policy
The default allowlist forstorage-access
is*
.
Specifications
Specification |
---|
The Storage Access API #permissions-policy-integration |
Browser compatibility
BCD tables only load in the browser