Request permissions in iframes.

[reillyeon]

I suggest adding a subdomain, embedded.permission.site which embeds permission.site in an iframe so that the behavior of permissions when requested from content embedded within another origin can be exercised.

[inexorabletash]

We probably want all permutations of:

• same-origin iframe
• different-origin iframe
• different-"site" iframe (in case browsers treat subdomains specially)

[reillyeon]

@beaufortfrancois, any chance you could make this happen?

[beaufortfrancois]

I don't have access to permission.site domain sadly. @lgarron Would you know by any chance how to proceed?

[lgarron]

Depends what you mean. I have the same access as you since over 2 years: #44

Right now, this is a simple static site using GitHub Pages, so anything else is other than a same-origin iframe is going to require some time investment in infrastructure.

I would recommend against trying to build an intricate structure of domains to test every possible case, since that could have exponential combinations over time and this project is quite passively maintained. But if you'd like, Google owns the registration so you'd want to talk to someone internal about handling new registrations and DNS entries to support this.

[beaufortfrancois]

Thank you @lgarron for your feedback!

@engedy may you be able to help with DNS entries?

[johannhof]

Noting that on Firefox side we have an increased demand for both developers and QA to test things like Permissions Policy. A while ago I hacked together a definitely not pretty test page for that purpose, but it would be nice to be able to expose it to the wider community in a more polished manner.

As @lgarron mentions, the test page shows that this can result in quite a large number of combinations, so my suggestion would be spinning this off into a separate GitHub page with a separate domain registration and embedding permission.site as a third party (and linking to it from permission.site). This would help with the "who owns the registration" problem in the short term but also introduce a new problem of having more domains that people have to coordinate on.

Not sure how much time I can spend on this but I'm happy to help overall :)

[lgarron]

Noting that on Firefox side we have an increased demand for both developers and QA to test things like Permissions Policy. A while ago I hacked together a definitely not pretty test page for that purpose, but it would be nice to be able to expose it to the wider community in a more polished manner.

That's very encouraging to hear! Love to see Chroma and Mozilla collaborating. 😍

I can't really make significant decisions/infrastructure changes here, so perhaps a concrete proposal balancing functionality and maintainability could be something @engedy & co could run with.
(I'm happy to help with in-repo changes, though!)

[engedy]

Apologies, I missed the mention back in July. Happy to start setting this up!

WDYT about the following:

1. Create a fork of this entire repo, and host it under something like https://a.permission.site.
2. Add a page (say, frames.html) to this repo that hosts a set of frames, each embedding either https://permission.site or https://a.permission.site with various permission policies / sandbox / etc attributes.
3. Add a link to that page to index.html (or potentially integrate it into the main page).

This allows us to keep all the meaningful site development work on permissions.site in this repo, enabling cross-site testing for a new capability by simply merging a PR into this repo, and just mechanically pulling those changes also into the other repo. QA an developers can also find this functionality easily without having to remember any other origins.