On Tue, Sep 11, 2018 at 9:06 PM Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote:
> Please note that Firefox will grant storage access permissions
> automatically under certain circumstances for web compatibility reasons, so
> even when the iframe has never called this API it may still obtain storage
> access.  In order to prevent that from happening, the usual approaches
> against embedded content gaining storage access (through sandboxing the
> iframe to give it a unique origin) could be used.

Unfortunately, that will still share cookies. Adding a feature policy
or some such for that might be worthwhile.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
