Skip to main content

Chrome Plans to Introduce "requestStorageAccessFor" Feature to Enhance Cross-Site Cookie Access

The Chromium team at Google has plans to introduce a new feature called requestStorageAccessFor, Techtsp has spotted. This feature is an extension to the Storage Access API and aims to improve access to unpartitioned ("first-party") cookies on behalf of embedded sites. The feature is currently under development.

The Storage Access API, supported by multiple browsers, allows websites to request access to cookies from cross-site origins. However, there have been limitations in accessing authenticated and personalized content served from cross-site origins. The new "requestStorageAccessFor" feature aims to address these limitations and unblock certain cross-site, same-First-Party Set use cases.

With "requestStorageAccessFor," a top-level site can request access to unpartitioned cookies on behalf of embedded sites. Browsers will have the discretion to grant or deny access, taking into account factors such as First-Party Set membership. This feature enables top-level sites to utilize the Storage Access API effectively.

The motivation behind this new feature is to provide a solution for websites that depend on cross-site content while ensuring privacy and security. By allowing access to unpartitioned cookies, authenticated and personalized content can be delivered seamlessly across different origins.

While the feature is still in development and being incubated in a Community Group, it has received positive feedback from web developers who have expressed the need for this functionality. Other browser vendors have also shown interest, although some concerns regarding user prompts and security have been raised. The Chromium team is actively working with other browsers to address these concerns and ensure interoperability.

Google aims to ship the "requestStorageAccessFor" feature without user-facing prompts initially, relying on information from First-Party Sets to determine which sites should be granted storage access. This approach is expected to reduce user friction while maintaining privacy and security standards.

The implementation of the "requestStorageAccessFor" feature is expected to be available in future versions of Google Chrome, specifically targeting Chrome for desktop and Chrome OS. The feature will not initially be supported on Android WebView.

As with any new feature, there may be anticipated spec changes based on ongoing discussions in the Privacy Community Group. However, Google is confident in shipping the API in its current state to gather real-world developer feedback and iterate on the design as needed.

The introduction of the "requestStorageAccessFor" feature demonstrates Google's commitment to improving cross-site cookie access while prioritizing user privacy and security. It will be interesting to see how this feature evolves and its impact on web development and user experiences.