Cannot set cookie in iframe using Storage Access API on Safari

I have an iframe on my page. As Safari blocks 3rd party cookies, I am trying to use the Storage Access API as suggested here under 'Developer Guidance': https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/. I have copied the following code from here https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API/Using#Accessing_a_user's_cookies_in_an_embedded_cross-origin_iframe:


<script type="text/javascript">
  window.addEventListener('load', () => {
  document.getElementById('test-button').addEventListener('click', () => {
  document.hasStorageAccess().then(hasAccess => {
  console.log('hasAccess: ' + hasAccess);
  if (!hasAccess) {
  return document.requestStorageAccess();
  }
  }).then(_ => {
  console.log('Now we have first-party storage access!');
  document.cookie = "foo=bar";
  console.log(`document.cookie: ${document.cookie}`);
  }).catch(_ => {
  console.log('error');
  });
  });
  });
</script>
<button id="test-button">Test</button>


Browser console output:


[Log] hasAccess: true
[Log] Now we have first-party storage access!
[Log] document.cookie:



As you can see, the grant seems to be successful but still cannot set the cookie. Does anyone have an idea what's wrong? I am using Safari Version 13.0.1.


Note: The enclosing page is a simple 

iframe
tag with a 
src
pointing to this page.
Up vote post of arifk Down vote post of arifk
5.9k views
Posted by
arifk
Reply
Add a Comment

Replies

I need urgent help with also with that.
its to bad as we need Session Cookie within a Iframe.
What can we do?
Posted by
daanse
Up vote reply of daanse Down vote reply of daanse
Add a Comment
Hi,
Did you ever find out the answer to your question or a work around?
Thanks
Posted by
rd888
Up vote reply of rd888 Down vote reply of rd888
Add a Comment
Hi there, i have been struggling with ITP as well. I did find out that if i set the cookie in first party context first, once storage access is granted i was able to see that cookie and modify it. So probably what would help for you is to first set this cookie in first party context(for example a pop-up, or just the top document), then in third party context (iframe) you will be able to change it.
Posted by
DavidDamNL
Up vote reply of DavidDamNL Down vote reply of DavidDamNL
Add a Comment

Safari by default discards cookies set in an iframe unless the host that's serving the iframe has set a cookie before, outside the iframe. Safari is the only browser that does this.

Posted by
needfulthing
Up vote reply of needfulthing Down vote reply of needfulthing
Add a Comment