You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Getting the permissions policy state of a frame (top-level-document or included iframe). The idea would be to have a new method on the Frame object, similar to what the CDP allows with Page.getPermissionsPolicyState(frameId).
Playwright would be able to give us the permissions policy state on each frame. For the case of https://example.org/ ,the result for geolocation permission would be allowed: true. If we check autoplay permission the result would be allowed: false and the reason ( IframeAttribute).
Motivation
This feature would give the option for developers/testers to easily check if their embedded widget can have access to the permission or why not (CDP blockReason example: IframeAttribute).
The text was updated successfully, but these errors were encountered:
This feature would give the option for developers/testers to easily check if their embedded widget can have access to the permission or why not (CDP blockReason example: IframeAttribute).
That sounds like an artificial use case for testing - Chrome DevTools would probably work better for this. What is your exact use case?
In my case, I'm running a security experiment and one of the features that I'm adding, is the permission policy state of all the frames included in a document and document itself.
I still think there are interesting use cases for developers and testers:
Checking that the Permission Policy Header is well-deployed in all the endpoints of their company.
Knowing which kind of third-party widgets included in any of their websites have the ability to use/prompt for the permission.
This request sounds very niche. For the security auditing I would suggest that analyze the actual artifacts to contain required permissions and CSP directives instead.
🚀 Feature Request
Getting the permissions policy state of a frame (top-level-document or included iframe). The idea would be to have a new method on the
Frame
object, similar to what the CDP allows withPage.getPermissionsPolicyState(frameId)
.Example
https://foo.bar/ includes an iframe with the
allow
tag.<iframe src="https://example.org/" allow="geolocation"></iframe>
Playwright would be able to give us the permissions policy state on each frame. For the case of
https://example.org/
,the result forgeolocation
permission would beallowed: true
. If we checkautoplay
permission the result would beallowed: false
and the reason (IframeAttribute
).Motivation
This feature would give the option for developers/testers to easily check if their embedded widget can have access to the permission or why not (CDP blockReason example:
IframeAttribute
).The text was updated successfully, but these errors were encountered: