Some time ago, Safari started to block third-party iframes from storing its data in cookies or local storage. It affects all Atlassian Connect apps.
They proposed to use Storage Access API (as a part of Intelligent Tracking Prevention technology) to work around it. Recently other major browser vendors (such as Firefox and Google) started to adopt Storage Access API. Could you please support it in Atlassian Connect?
Please look at their requirements. You just need to add one more iframe sandbox attribute (āallow-storage-access-by-user-activationā) to support this API.
@becker Itās still in experimental which could be a problem. It also needs review by security team which Iāve requested. Will post an update when we hear back
I also checked the status of this attribute at the Chrome Platform Status website - Chrome Platform Status. It Safari & Firefox already supports it, and it is currently under active development in Edge & Chrome.
@becker Security team have given the OK. So, itās on its way to production, should be available in a week or so.
As an experimental browser feature though, itās āUse at your own riskā, so weād recommend having a fallback in place
@dboyd When should we expect the allow-storage-access-by-user-activation token to be included in the iframeās sandbox attribute? Or were those plans cancelled?