privacycg / storage-access

The Storage Access API
https://privacycg.github.io/storage-access/

Resetting of storage access with page refresh #77

Closed ashubham closed 3 years ago

ashubham commented 3 years ago

Quoting this from MDN:

Implementation difference with Safari:

"If the embedded origin tracker.example has already obtained first-party storage access on the 
top-level origin foo.example, and the user visits a page from foo.example embedding a page from
tracker.example again in less than 30 days, the embedded origin will have storage access
immediately when loading."

https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API

This seems to be a difference in Safari, where the storage access is reset on page refresh.

I think the Safari behavior breaks iframe embeds in a very bad way where for each refresh they need a button to be clicked on the iframe to re-request storage access. The behavior looks to be optimized for things like YouTube where you need to click on the play button anyways.

What's the take of the standard in this regard? I contacted the WebKit group via Twitter and they redirected me to this GitHub.

johnwilander commented 3 years ago

Hi! As far as I know, these are deliberate design choices in both engines and this is likely to remain an optional part of the proposed standard.

We typically refrain from discussing individual browser (engine) choices here and refer to each engine’s bug tracker but I can say WebKit has decided to not allow what we refer to as “silent cross-site tracking.” The reasoning is that just because a user allows social.example to get access to cookies on one page on news.example doesn’t mean the user wants social.example to have access to its cookies on all news.example pages over a period of time.

johannhof commented 3 years ago

I think this is a dupe of #2, so closing as such.
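
The embed-side flow this thread is about, as an added example that is not part of the original issue or of the spec's own code: check `document.hasStorageAccess()` on load and fall back to a click-gated `document.requestStorageAccess()` only when access was not carried over. The function name `ensureStorageAccess`, the `button` element and the returned status strings are assumptions made for illustration.

```javascript
// Added example: meant to run inside the embedded (third-party) iframe.
// `doc` is the iframe's document; `button` is a hypothetical element the embed
// reveals when a user gesture is required. Status strings are illustrative.
async function ensureStorageAccess(doc, button) {
  // Browser without the Storage Access API: nothing to request.
  if (typeof doc.hasStorageAccess !== "function") return "unsupported";

  // An engine may restore an earlier grant when the frame loads (the behaviour
  // in the MDN text quoted above); in that case no prompt or click is needed.
  if (await doc.hasStorageAccess()) return "already-granted";

  // Access did not carry over this load (the per-refresh reset described for
  // Safari in this thread). requestStorageAccess() has to be called from a
  // user gesture, so wait for a click inside the iframe.
  return new Promise((resolve) => {
    button.hidden = false;
    button.addEventListener(
      "click",
      async () => {
        try {
          await doc.requestStorageAccess();
          button.hidden = true;
          resolve("granted");
        } catch {
          // The promise rejects when the user or the browser's policy refuses.
          // Leave the button visible and keep working without cookies.
          resolve("denied");
        }
      },
      { once: true }
    );
  });
}
```

In a real embed the call would be `ensureStorageAccess(document, someButtonElement)`, and the cookie-dependent requests start only after it resolves to `"already-granted"` or `"granted"`.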