Storage Access provides a mechanism for embeds to request access to unpartitioned storage, but only when certain conditions are met.
Top-level site visit |
Feature interaction |
Permission prompt |
Here's how it works:
- User interaction: When a user interacts with embedded content (for example, clicking on it or attempting to type within it), Chrome interprets this as intent to engage with the embed.
- Permission prompt: Upon detecting user intent, Chrome displays a prompt asking the user if they want to grant the embed access to its stored data. This prompt gives users control over their privacy and ensures that data access is granted consciously.
- Access granted: If the user consents, the embed gains access to its unpartitioned storage, enabling it to provide personalized functionality and maintain user settings across websites.
- Access over time: The permission’s lifetime varies by browser. In Chrome, the permission lasts for 30 days and renews (in other words, it's extended by 30 days) every time the user interacts with the embed.
This user-centric approach ensures that cross-site data access occurs only when the user explicitly permits it, striking a balance between functionality and privacy.