Quick concept of using the storage access API in Safari.
Running locally is possible but more work since you need to make up some fake domains to route locally using a hosts file to force this.
Steps to test using a hosted version:
- Visit https://storage.garbee.me which is the host domain
- Click the "Send ajax request" button which will just fetch itself
- Visit https://storage.garbee.dev which is the iframed domain
- Open DevTools
- Click the "Send ajax request" button which is in side of the iframe of the host.
- See the popup asking to give permission to access cookies
- Allow access
- Check the network request and verify the HTTP only cookie was sent with
header=value;at the start
To clear the prompt memory, you need to clear history. If you conducted the rest recently and need to keep Safari history you can delete the last hour. Otherwise figure out how to delete these domains specifically or all history.