In Google Workspace, we have many use cases where embeds requiring cookies for authentication are loaded in a third-party context (for example, an embedded Google Doc which is only accessible to users within a domain). Today, that embedded content loads on Chrome without any explicit user action. After Chrome rolls out third-party cookie deprecation, we plan to use Storage Access API to allow the user to grant storage access to the embed for authentication purposes. We already use the Storage Access API approach on Firefox and Safari today.
From a user experience perspective, we would prefer if there are some cases determined to be safe by the browser, where the embedded content can be loaded without user interaction or requiring the application to make an explicit rSA call. This is already the case on Safari and FF today. We're interested in understanding whether such cases can be determined by the browser and allow us to avoid user-facing prompts in some scenarios.
In Google Workspace, we have many use cases where embeds requiring cookies for authentication are loaded in a third-party context (for example, an embedded Google Doc which is only accessible to users within a domain). Today, that embedded content loads on Chrome without any explicit user action. After Chrome rolls out third-party cookie deprecation, we plan to use Storage Access API to allow the user to grant storage access to the embed for authentication purposes. We already use the Storage Access API approach on Firefox and Safari today.
From a user experience perspective, we would prefer if there are some cases determined to be safe by the browser, where the embedded content can be loaded without user interaction or requiring the application to make an explicit rSA call. This is already the case on Safari and FF today. We're interested in understanding whether such cases can be determined by the browser and allow us to avoid user-facing prompts in some scenarios.