Questions about document.requestStorageAccessFor and FPS

[miqez]

My questions:

• On the demo page from Google under: document.requestStorageAccessFor(), I get a FAIL status despite the flags being enabled. Did I miss any flags or configuration steps?
• The demo I built based on the documentation does not allow me to manage cookies. If I have followed all the steps correctly, should I be able to access the cookies of the domain associated with the primary domain?

I performed a First-Party Sets analysis. I performed the following steps:

• I configured the Google Chrome browser, version 117.0.5938.92 (Official Version) (arm64) to run the page with the demo provided by Google: https://first-party-sets.glitch.me/

a) I changed the following flags: Enable First-Party Sets: enabled Storage Access API permission UI: enabled Storage Access API: enabled

b) I blocked third-party cookies

• I created my own demo based on the code provided on the aforementioned documentation page and the code provided on the Mozilla website: https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API Using 'primary' as the primary domain and 'assosiated' as the associated domain

• I have placed code that uses the Storage API on both domains Launching the browser with the appropriate command in the terminal open -b com.google.Chrome --args --enable-features="FirstPartySets:FirstPartySetsClearSiteDataOnChangedSets/1,StorageAccessAPI,StorageAccessAPIForOriginExtension,PageInfoCookiesSubpage,PrivacySandboxFirstPartySetsUI" \ --use-first-party-set="{\"primary\": { "primary", "associatedSites": [associatedSites]}" \ primary

[cfredric]

Hi @miqez,

Thanks for trying this out! It's a bit tough to tell what might be going wrong in your demo, but it does sound like one/some of the command-line switches didn't work properly.

I get a FAIL status despite the flags being enabled.

Can you give any info on what part fails for you? There are a bunch of PASS/FAIL criteria that are checked by the RWS demo, so it would be helpful to know which one says FAIL.

If I have followed all the steps correctly, should I be able to access the cookies of the domain associated with the primary domain?

Yes, the associated site should be able to access its own cookies when embedded under the primary site (e.g. an embedded iframe), after calling document.requestStorageAccess() and awaiting the result. Note that the primary site will not get direct access to the associated site's cookies; that would break the Same-Origin Policy, which is an important web security boundary. Also note that the call to document.requestStorageAccess() is (almost always) required for security reasons; unpartitioned cookies won't be accessible to the embedded site until/unless it calls that API.

a) I changed the following flags:

Please be aware that those flags in chrome://flags aren't quite sufficient for enabling everything that the RWS demo relies on; if possible, it'd be better to use the provided command-line instead.

I created my own demo

If you can give a link to your demo, I could take a peek at it!

[miqez]

Hi, I'm sorry I'm only replying now. I don't know how, but I reinstalled the browser, restored the default settings and it worked. thanks for the help