I have run into this same issue, particularly with Safari. One subideal workaround is to prompt the user to disable the option "prevent cross-site tracking" in Safari's privacy settings. This is not a great solution though, as it opens them up to cross-site tracking everywhere. And even with cross-site tracking enabled, we've found that if someone uses HubSpot as a standalone web app rather than a tab in Safari, then the cookie access still fails.

We have also tried explicitly requesting storage access by using Document.requestStorageAccess (https://developer.mozilla.org/en-US/docs/Web/API/Document/requestStorageAccess) but the request is blocked by the browser. I believe that it's blocked because HubSpot has us in a sandboxed iframe, which according the the Storage API docs prevents granting storage access. But it seems like there could be a very simple solution on HubSpot's end - just adding the "allow-storage-access-by-user-activation" token to the iframe (https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API#security_measures). In the source code, you can see that HubSpot already adds other sandbox tokens to make the iframe more usable, but is missing this important one.

Hopefully HubSpot developers can make this very simple tweak?

Hi @Jaycee_Lewis - is there any info on this issue?  I'm having the same issue - unable to store a cookie in the iframe rendered from the CRM card.  This means I can't authenticate my user and allow them to use the iframe.  There must be a recommended workaround or fix in the works, right?  Thanks.