如何在 Google 加载项的 iframe 中启用 Feature/Permissions 政策?

How do I enable Feature/Permissions Policy in an iframe in Google Add-ons?

我正在尝试在我的 google 附加组件中使用功能策略,序列号。我在尝试在 iframe 中启用此特定功能策略时遇到困难,我认为主要是因为父 iframe 没有启用它。下面是 iframe DOM 树的样子。我无法直接访问“sandboxFrame”和“userHtmlFrame”,因此无法更改其允许的功能。即使我在最子iframe中设置了'serial',我也找不到它的featurePolicy中启用的'serial'特性。

<iframe id="sandboxFrame" allow="accelerometer *; ambient-light-sensor *; autoplay *; camera *; clipboard-read *; clipboard-write *; encrypted-media *; fullscreen *; geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture-in-picture *; screen-wake-lock *; speaker *; sync-xhr *; usb *; web-share *; vibrate *; vr *" sandbox="allow-downloads allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts" src="https://...-script.googleusercontent.com/...">
    <iframe id="userHtmlFrame" allow="accelerometer *; ambient-light-sensor *; autoplay 
    *; camera *; clipboard-read *; clipboard-write *; encrypted-media *; fullscreen *; 
    geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture- 
    in-picture *; screen-wake-lock *; speaker *; sync-xhr *; usb *; web-share *; vibrate 
    *; vr *" src="/blank" title="">
       <iframe id="myIframe" allow="serial *;" sandbox="allow-forms allow-modals allow-popups allow-presentation allow-same-origin allow-scripts" src="...external website in          
          GitHub Pages">
       ...
       </iframe>
    </iframe>
</iframe>

如果任何熟悉 google 附加组件的人都可以证明我对任何很棒的东西都是错误的。如果能提供任何帮助,我将不胜感激。

谢谢。

  1. 是的,您可以将任何权限传递给嵌套的 iframe 只有 如果父上下文 has 授予该权限。
    请记住,在传递权限时,原点将相应更改,即:

<iframe scr='https://example.com' allow="fullscreen 'self'">
// the permission for fullscreen is 'self' (== http://example.com)
// but main thing is this is that iframe HAS that permission, therefore
// it can grant it to any nested context with ANY origin:
<iframe src='https://www.youtube.com' allow="fullscreen https://www.youtube.com">
// will get permission of fullscreen mode for https://www.youtube.com origin
</iframe>
</iframe>

  1. 在父 iframe 中,serial 功能策略指令未在 allow='...' 属性中指定。这意味着 default value - 'src' 允许此功能。因此,父 iframe 对 serial 具有隐式权限,因此它可以将其传递到任何嵌套的 iframe。

  2. 我没听说 serial 功能策略指令,是 it supported?