[Feature]: Get the Permissions Policy state of a frame.

[AlbertoFDR]

🚀 Feature Request

Getting the permissions policy state of a frame (top-level-document or included iframe). The idea would be to have a new method on the Frame object, similar to what the CDP allows with Page.getPermissionsPolicyState(frameId).

Example

https://foo.bar/ includes an iframe with the allow tag.

• <iframe src="https://example.org/" allow="geolocation"></iframe>

Playwright would be able to give us the permissions policy state on each frame. For the case of https://example.org/ ,the result for geolocation permission would be allowed: true. If we check autoplay permission the result would be allowed: false and the reason ( IframeAttribute).

Motivation

This feature would give the option for developers/testers to easily check if their embedded widget can have access to the permission or why not (CDP blockReason example: IframeAttribute).

[pavelfeldman]

This feature would give the option for developers/testers to easily check if their embedded widget can have access to the permission or why not (CDP blockReason example: IframeAttribute).

That sounds like an artificial use case for testing - Chrome DevTools would probably work better for this. What is your exact use case?

[AlbertoFDR]

Thanks for the quick answer.

In my case, I'm running a security experiment and one of the features that I'm adding, is the permission policy state of all the frames included in a document and document itself.

I still think there are interesting use cases for developers and testers:

• Checking that the Permission Policy Header is well-deployed in all the endpoints of their company.
• Knowing which kind of third-party widgets included in any of their websites have the ability to use/prompt for the permission.

[pavelfeldman]

This request sounds very niche. For the security auditing I would suggest that analyze the actual artifacts to contain required permissions and CSP directives instead.