diff --git a/public/og-default.png b/public/og-default.png index 88ec504a..1f7063a3 100644 Binary files a/public/og-default.png and b/public/og-default.png differ diff --git a/public/og/checklist.png b/public/og/checklist.png index 20457ef7..43df92e5 100644 Binary files a/public/og/checklist.png and b/public/og/checklist.png differ diff --git a/public/og/spec.png b/public/og/spec.png index 476638ad..938ffb0e 100644 Binary files a/public/og/spec.png and b/public/og/spec.png differ diff --git a/public/og/spec/privacy.png b/public/og/spec/privacy.png index 8d87616c..4d73fc8c 100644 Binary files a/public/og/spec/privacy.png and b/public/og/spec/privacy.png differ diff --git a/public/og/spec/privacy/storage-access-api.png b/public/og/spec/privacy/storage-access-api.png new file mode 100644 index 00000000..81576cbd Binary files /dev/null and b/public/og/spec/privacy/storage-access-api.png differ diff --git a/src/content/changelog/2026-07-05-storage-access-api.md b/src/content/changelog/2026-07-05-storage-access-api.md new file mode 100644 index 00000000..9542819d --- /dev/null +++ b/src/content/changelog/2026-07-05-storage-access-api.md @@ -0,0 +1,8 @@ +--- +title: Added a page on the Storage Access API +date: "2026-07-05" +type: added +relatedSlugs: [storage-access-api] +--- + +Added a page on the [Storage Access API](/spec/privacy/storage-access-api/) — the W3C Privacy Community Group standard that lets embedded cross-site content request its own unpartitioned cookies behind a user gesture, instead of asking visitors to switch off tracking protection. Marked `optional`, as it only applies to sites that embed cross-site content needing first-party state (SSO, federated identity, signed-in widgets); browsers have shipped it for years. diff --git a/src/content/spec/privacy/storage-access-api.md b/src/content/spec/privacy/storage-access-api.md new file mode 100644 index 00000000..76620ad3 --- /dev/null +++ b/src/content/spec/privacy/storage-access-api.md @@ -0,0 +1,50 @@ +--- +title: "Storage Access API" +slug: storage-access-api +category: privacy +summary: "As browsers partition and block third-party cookies, embedded cross-site content uses the Storage Access API to request its own cookies behind a user gesture — instead of asking visitors to switch off tracking protection." +status: optional +order: 45 +appliesTo: [all] +relatedSlugs: [third-party-scripts, cookie-consent, security/cookie-attributes, security/permissions-policy] +updated: "2026-07-05T10:00:00.000Z" +sources: + - title: "The Storage Access API" + url: "https://privacycg.github.io/storage-access/" + publisher: "W3C Privacy Community Group" + - title: "MDN — Storage Access API" + url: "https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API" + publisher: "MDN" + - title: "MDN — Document: requestStorageAccess() method" + url: "https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess" + publisher: "MDN" +--- + +## What it is + +The Storage Access API lets cross-site content loaded in a third-party context — embedded in an `