In Chrome 141, Storage Access API semantics now strictly follow the Same Origin policy, to enhance security. Using `document.requestStorageAccess()` in a frame only attaches cookies to requests to the iframe's origin (not site) by default. The [CookiesAllowedForUrls](https://chromeenterprise.google/policies/#CookiesAllowedForUrls) policy or Storage Access Headers can still be used to unblock cross-site cookies.
This change improves the security properties of the Storage Access API, without affecting privacy boundaries. It brings the Storage Access API's SOP semantics more inline with the rest of the web platform, which makes the API more intuitive for web developers.