Document: requestStorageAccess() method
The requestStorageAccess() method of the Document interface allows a document loaded in a third-party context (i.e. embedded in an <iframe>) to request access to unpartitioned cookies.
This is relevant to user agents that by default block access to unpartitioned cookies by sites loaded in a third-party context to improve privacy (e.g. to prevent tracking), and is part of the Storage Access API.
Note: Usage of this feature may be blocked by a storage-access Permissions Policy set on your server. In addition, the document must pass additional browser-specific checks such as allowlists, blocklists, on-device classification, user settings, anti-clickjacking heuristics, or prompting the user for explicit permission.
Syntax
Parameters
Return value
A Promise that fulfills with undefined if the access to unpartitioned cookies was granted, and rejects if access was denied.
requestStorageAccess() requests are automatically denied unless the embedded content is currently processing a user gesture such as a tap or click (transient activation), or unless permission was already granted previously. If permission was not previously granted, they need to be run inside a user gesture-based event handler. The user gesture behavior depends on the state of the promise:
- If the promise resolves (i.e. if permission was granted), then the user gesture has not been consumed, so the script can subsequently call APIs that require a user gesture.
- If the promise rejects (i.e. permission was not granted), then the user gesture has been consumed, so the script can't do anything that requires a gesture. This is intentional protection against abuse — it prevents scripts from calling
requestStorageAccess() in a loop until the user accepts the prompt.
Exceptions
Examples
document.requestStorageAccess().then(
() => {
console.log("access granted");
},
() => {
console.log("access denied");
},
);
Specifications
Browser compatibility
|
Desktop |
Mobile |
|
Chrome |
Edge |
Firefox |
Internet Explorer |
Opera |
Safari |
WebView Android |
Chrome Android |
Firefox for Android |
Opera Android |
Safari on IOS |
Samsung Internet |
requestStorageAccess |
113["Only available to Google Chrome's first-party sets.", "Client-side storage access granted per-frame, as per spec updates see explanation."]
78Client-side storage access granted per-page (see explanation)
|
113["Only resolves requestStorageAccess() calls that come from domains within a first-party set.", "Each embedded site instance must separately opt in to client-side storage access via a requestStorageAccess() call, as per spec updates."]
85–112Client-side storage access granted per-page (see explanation)
|
65 |
No |
99["Only available to Opera's first-party sets.", "Client-side storage access granted per-frame, as per spec updates see explanation."]
65Client-side storage access granted per-page (see explanation)
|
11.1Client-side storage access granted per-page (see explanation)
|
113["Only available to Google Chrome's first-party sets.", "Client-side storage access granted per-frame, as per spec updates see explanation."]
|
113["Only available to Google Chrome's first-party sets.", "Client-side storage access granted per-frame, as per spec updates see explanation."]
78Client-side storage access granted per-page (see explanation)
|
65 |
No |
11.3Client-side storage access granted per-page (see explanation)
|
No |
See also