Last year at WWDC Apple introduced a Safari feature called Intelligent Tracking Prevention (ITP). It figures out which domains can track you across the web, and either separate the cookies or removes the data. Now there’s another privacy Safari API called Storage Access.
Apple says that the strongest developer feedback it got on ITP was that there should be a way for embedded cross-site content to authenticate users who are already logged into their first-party services.
Storage Access makes this a reality. It lets third-party embedded content to request access to first-party cookies only when the user interacts with them. Two functions have been added to cross-origin iframes: document.hasStorageAccess() and document.requestStorageAccess().
To prevent potential abuse, Apple will monitor the adoption of the API and make changes to it if there is widespread abuse since users won’t get a UI prompt when an inframe calls Storage Access.