I have website a.com, that has an iframe loading b.com in it. In order for the browser to save cookies from b.com in Safari, I have to access the Storage Access API. This requires user interaction with the content in the iframe. The problem is that user gestures with b.com are not being detected, and requestStorageAccess() is automatically being rejected. When I open b.com in a separate tab and interact with it, and then come back to a.com, requestStorageAccess() successfully makes the request when processing a user gesture.
I would like to understand why the user interacting with b.com within the iframe, without going to b.com itself, is insufficient.
The error I get is:
[ITP] Cannot grant storage access to 'b.com' since its cookies are blocked in third-party contexts and it has not received user interaction as first-party.
Storage Access API: https://webkit.org/blog/8124/introducing-storage-access-api/ requestStorageAccess(): https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess