I have 2 sites with different domains, a.com and b.com. I am sending a piece data from a.com to b.com using window.postMessage with b.com loaded into an iframe on a.com. After that, I attempt to make the received data into a cookie on b.com - but it appears to be limited by state partitioning. I have [Firefox],
Partitioned cookie or storage access was provided to “b.com” because it is loaded in the third-party context and dynamic state partitioning is enabled.
So I am trying to use the Storage Access API to allow the cookie to be saved. I see that
requestStorageAccess()requests [...] need to be run inside some kind of user gesture-based event handler
The problem with this is that the b.com iframe on a.com is not shown (display: none). Is there a way I can prompt a response from users with something like confirm and have that work as a "user gesture-based event handler" instead of them interacting directly with the invisible b.com iframe?
I have seen multiple answers on Stack Exchange which suggest that window.postMessage is completely valid. First, there was a huge iframe pitfall (classic iframes). Now there is state partitioning, which besides being an annoyance in itself, requires user interaction (a dealbreaker). More and more this is seeming like a terrible hack and not the robust solution it was made out to be.
This is for science at this point (since the other method of cross-domain communication - a redirect with params - should also work for my use case).