I'm trying to work with WebUSB on a page that contains sandboxed iframes from different origins. My goal is that the top-level page and each of the embedded contexts can all use WebUSB, but don't share permissions. Instead they should each have to call requestDevice to get access to USB devices.

By default, it seems that the top-level page's permissions/WebUSB devices are shared by the iframes. Here's my testing setup. Top-level page:
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Top</title>
    </head>
    <body>
      <button id="button">request</button>
      <!-- iframe running on a different domain. See code below -->
      <iframe sandbox="allow-scripts" allow="usb" src="https://.../sub-frame.html"></iframe>
      <script>
        const button = document.getElementById('button');
        button.addEventListener('click', async () => {
          const device = await navigator.usb.requestDevice({ filters: [] });
          console.log(device);
        });
      </script>
    </body>
    </html>
Subframe (from a different origin):
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <title>Embedded</title>
    </head>
    <body>
      <button id="button">Log</button>
      <script>
        const button = document.getElementById('button');
        button.addEventListener('click', async () => {
          const devices = await navigator.usb.getDevices();
          console.log(devices);
        });
      </script>
    </body>
    </html>
Testing this example in Chrome, when the top-level page calls requestDevice and I go through the permissions flow, the iframe can now also access the device by calling navigator.usb.getDevices(). I want to block that. Instead the iframe should have to call requestDevice and then get its own list of USB devices.

If I instead use allow="usb 'self'", the embedded page no longer has access to the WebUSB API at all. I've looked through the WebUSB and permissions specs but couldn't find any way to accomplish this.

How can I have a feature like WebUSB enabled across embedded contexts, but in a way where each of the embedded contexts is isolated like it would be if it were another top-level document?
Comments (1)
This behavior is caused by a Chromium feature that has been implemented for various permission-gated APIs over the past few years called "permission delegation."
I don't know if the Chromium project would consider re-enabling separate storage of USB device permissions in embedded frames, but it is possible the API could be enhanced to enable more granular delegation of permissions for particular devices rather than all devices granted to the parent page.
Please file a feature request for this on https://crbug.com/new.
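
Why the two `allow` values in the question behave differently, and how to list the frames that will see the embedding page's USB grants under permission delegation, shown as an added example that is not code from the original post or from Chromium. The origins and frame ids are constructed, the model is a simplification of the iframe `allow` attribute (it ignores any Permissions-Policy response header and assumes each frame still shows the document loaded from its `src`), and the function names are hypothetical.

```javascript
// Constructed sample data: a top-level origin and the iframes it embeds.
const TOP_ORIGIN = 'https://top.example';
const SAMPLE_FRAMES = [
  { id: 'sandboxed-usb', src: 'https://frames.example/sub-frame.html', sandbox: 'allow-scripts', allow: 'usb' },
  { id: 'sandboxed-self', src: 'https://frames.example/sub-frame.html', sandbox: 'allow-scripts', allow: "usb 'self'" },
  { id: 'cross-origin-plain', src: 'https://other.example/widget.html' },
  { id: 'same-origin-default', src: 'https://top.example/local.html' },
];

// Parse allow="usb; camera 'self'" into { usb: ["'src'"], camera: ["'self'"] }.
function parseAllow(allowAttr) {
  const policy = {};
  for (const part of (allowAttr || '').split(';')) {
    const [feature, ...allowlist] = part.trim().split(/\s+/).filter(Boolean);
    // In the allow attribute, a feature with no allowlist means 'src'.
    if (feature) policy[feature] = allowlist.length ? allowlist : ["'src'"];
  }
  return policy;
}

// True when the embedder delegates `feature` to the frame's document.
function isDelegated(feature, embedderOrigin, frame) {
  // A sandbox without allow-same-origin gives the frame an opaque origin.
  const opaque = typeof frame.sandbox === 'string' &&
    !frame.sandbox.split(/\s+/).includes('allow-same-origin');
  const frameOrigin = opaque ? null : new URL(frame.src).origin;
  // Without an allow entry, usb falls back to its default allowlist, 'self'.
  const allowlist = parseAllow(frame.allow)[feature] || ["'self'"];
  return allowlist.some((entry) => {
    if (entry === "'none'") return false;
    if (entry === '*' || entry === "'src'") return true; // also matches opaque origins
    if (opaque) return false; // an opaque origin equals no named origin
    if (entry === "'self'") return frameOrigin === embedderOrigin; // 'self' = embedder
    return entry.replace(/\/$/, '') === frameOrigin;
  });
}

// Frames whose getDevices() would return devices granted to the embedder.
function framesSharingUsbGrants(embedderOrigin, frames) {
  return frames.filter((f) => isDelegated('usb', embedderOrigin, f)).map((f) => f.id);
}

console.log(framesSharingUsbGrants(TOP_ORIGIN, SAMPLE_FRAMES));
```

Every frame this reports shares the embedding origin's device grants, so the only per-frame control available today is whether `usb` is delegated at all.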