The only issue there is developers not being able to keep up with the rapid pace at which Safari is still strengthening privacy protection even in the middle of a pandemic, as far as I can tell.

Blocking third party cookies by default and requiring requests for storage access all sounds great.

Here's the code to keep your iframe from being abused:

    window.onmessage = function(e) {
      if (
        /^https?:\/\/((subdomain)\.)?mysite.com/.test(e.origin) === false
      ) {
        console.error("Access: No auth");
        return;
      }
    }

If you could specify what the benefit over this approach is, I'd appreciate knowing.