Intent to Prototype: Storage Access API with Prompts

Skip to first unread message

Shuran Huang

Jun 26, 2023, 11:33:07 AM6/26/23
to, Chris Fredrickson,

Contact emails,,




The Storage Access API provides a means for authenticated cross-site embeds to check whether they have access to their unpartitioned cookies and request access to unpartitioned cookies if they are blocked. Chrome already supports the Storage Access API across sites within the same First-Party Set, in conformance with the specification, and now we intend to prototype support for user permission prompts and user-agent-specific permission behaviors in line with what other browsers are shipping.

Note that Edge previously sent an I2I for the Storage Access API feature, but we felt it was appropriate to send a new I2P given that Chrome previously shipped support for the Storage Access API gated on First-Party Sets membership and did not support prompts.

Blink component



Chrome currently supports the Storage Access API without a user prompt – access is only granted based on First-Party Sets. However, some user experiences rely on access to unpartitioned cookies in cross-site contexts and are not supported by the existing solution. The Storage Access API with prompts provides a way for sites to request cross-site cookie access to enable these use cases. We aim to implement this in a way that does not overwhelm users with prompts or compromise their privacy.

Initial public proposal

TAG review

TAG review status



Interoperability and Compatibility

There is minor compatibility risk as Firefox and Safari already differ slightly in their user-agent-specific prompt requirements. Chrome's planned behavior is closest to Safari's current behavior, and we aim to standardize as much of this user-agent-specific behavior as possible over time.

Gecko: Shipping

WebKit: Shipping

Web developers: Positive

There has been great developer interest in the Storage Access API, given that it provides the only predictable way of working with cross-site cookies in many browsers. Various developers have chimed in on and filed issues on

Other signals: Edge has shipped Blink's current implementation of this behavior, which differs from Chrome's plans. We have kept (and intend to continue keeping) Edge engineers in the loop about these changes and there will be feature flags to control this behavior.

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?




Is this feature fully tested by web-platform-tests?

No, because prompt behavior and user-agent-specific behaviors are not testable. The Storage Access API itself is tested at

Flag name

StorageAccessAPI, PermissionStorageAccessAPI

Requires code in //chrome?


Estimated milestones

Desktop 117

Android 119

Link to entry on the Chrome Platform Status

Links to previous Intent discussions

This intent message was generated by Chrome Platform Status.

Reply all
Reply to author
0 new messages