A few weeks ago we changed the API so that a web-wide exception could only be stored when the script was located on a page on the target domain (ensuring a first party interaction). However, that contradicts a previous consensus that the API be callable within a portal, similar to the NAI/DAA style of consent page that might ask for a number of web-wide exceptions at once. Hence, we want subrequests (iframe-based scripts) to be able to store a web-wide exception, but only one that targets their own domains (like the limitations on cookies).
A few weeks ago we changed the API so that a web-wide exception could only be stored when the script was located on a page on the target domain (ensuring a first party interaction). However, that contradicts a previous consensus that the API be callable within a portal, similar to the NAI/DAA style of consent page that might ask for a number of web-wide exceptions at once. Hence, we want subrequests (iframe-based scripts) to be able to store a web-wide exception, but only one that targets their own domains (like the limitations on cookies).