If I'm not mistaken, both Safari and Chrome have a "prior user interaction" requirement that will auto-reject SAA calls unless the user has interacted with the requesting site in a top-level context in the last X (I think currently 30) days. Firefox also looks at prior interactions, but only gates its "auto-grant" mechanism for the first 5 embedded sites on it.
If this is shipping in roughly the same shape in two browsers we might want to align the spec on it.
If I'm not mistaken, both Safari and Chrome have a "prior user interaction" requirement that will auto-reject SAA calls unless the user has interacted with the requesting site in a top-level context in the last X (I think currently 30) days. Firefox also looks at prior interactions, but only gates its "auto-grant" mechanism for the first 5 embedded sites on it.
If this is shipping in roughly the same shape in two browsers we might want to align the spec on it.
cc @annevk @bvandersloot-mozilla @cfredric