Testing Permissions Policies

Testing Permissions Policies

Automated Testing Script

const puppeteer = require('puppeteer');

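/**
 * Loads `url` in a Puppeteer-launched browser and records what the page's
 * Permissions-Policy header says alongside what a few feature probes observe.
 *
 * @param {string} url - Page to audit.
 * @returns {Promise<object>} Result with `url`, `headers` (main-document
 *   response headers), `permissionsPolicy` (raw header value, undefined when
 *   absent), `features` ({ geolocation, mediaDevices, payment }) and
 *   `violations` (console messages mentioning "Permissions policy").
 * @throws Rejects if launch, navigation or the in-page probes fail; the
 *   browser is closed in either case.
 */
async function testPermissionsPolicy(url) {
    // The Chromium sandbox is left enabled (no '--no-sandbox'): the audited pages
    // are untrusted content, and the sandbox is what contains a compromised
    // renderer. If the sandbox cannot start (e.g. running as root in a container),
    // fix the environment rather than disabling it.
    const browser = await puppeteer.launch();

    const results = {
        url,
        headers: {},
        features: {},
        violations: []
    };

    try {
        const page = await browser.newPage();

        // Collect console messages that report a feature blocked by policy.
        page.on('console', msg => {
            const text = msg.text();
            if (text.includes('Permissions policy')) {
                results.violations.push(text);
            }
        });

        // Use the main-document response returned by goto() instead of matching
        // response.url() against `url`: the browser normalises URLs and follows
        // redirects, so a strict string comparison can miss the document and
        // leave the policy reported as absent.
        const response = await page.goto(url);
        if (response) {
            results.headers = response.headers();
            results.permissionsPolicy = results.headers['permissions-policy'];
        }

        // NOTE: 'blocked' below means the call failed for any reason. A denied or
        // unanswered permission prompt, a missing device or the 1s geolocation
        // timeout look the same as a policy block, so cross-check against
        // `violations` and the header itself. In Chromium,
        // document.featurePolicy.allowsFeature() reports the policy decision directly.
        results.features = await page.evaluate(() => {
            const geolocation = new Promise(resolve => {
                if ('geolocation' in navigator) {
                    navigator.geolocation.getCurrentPosition(
                        () => resolve('allowed'),
                        () => resolve('blocked'),
                        { timeout: 1000 }
                    );
                } else {
                    resolve('unsupported');
                }
            });

            // mediaDevices is undefined in insecure contexts; report that
            // explicitly instead of letting the result silently become undefined.
            const mediaDevices = navigator.mediaDevices?.getUserMedia
                ? navigator.mediaDevices.getUserMedia({ video: true, audio: true })
                    .then(stream => {
                        // Release the capture devices straight away.
                        stream.getTracks().forEach(track => track.stop());
                        return 'allowed';
                    })
                    .catch(() => 'blocked')
                : Promise.resolve('unsupported');

            // Only checks that the constructor exists; it does not show whether
            // the policy would allow a payment request.
            const payment = 'PaymentRequest' in window ? 'available' : 'unavailable';

            return Promise.all([geolocation, mediaDevices]).then(([geo, media]) => ({
                geolocation: geo,
                mediaDevices: media,
                payment: payment
            }));
        });
    } finally {
        // Always release the browser process, even when navigation or a probe throws.
        await browser.close();
    }

    return results;
}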

// Test multiple URLs
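/**
 * Runs testPermissionsPolicy against each URL in turn and prints a report.
 *
 * A URL whose test throws is recorded with an `error` message instead of
 * aborting the audit, so results already collected are not lost.
 *
 * @param {string[]} urls - Pages to audit, tested sequentially.
 * @returns {Promise<object[]>} One result per URL, in input order.
 */
async function auditPermissionsPolicies(urls) {
    const results = [];

    for (const url of urls) {
        console.log(`Testing ${url}...`);
        try {
            results.push(await testPermissionsPolicy(url));
        } catch (err) {
            // Keep the same shape as a successful result so the report loop
            // and downstream consumers can treat every entry uniformly.
            const message = String(err?.message ?? err);
            console.error(`Failed to test ${url}: ${message}`);
            results.push({
                url,
                headers: {},
                features: {},
                violations: [],
                error: message
            });
        }
    }

    // Generate report
    console.log('\nPermissions Policy Audit Report');
    console.log('==============================');
    for (const result of results) {
        console.log(`\nURL: ${result.url}`);
        if (result.error) {
            // An untested URL must not be read as "policy not set".
            console.log(`Error: ${result.error}`);
            continue;
        }
        console.log(`Policy: ${result.permissionsPolicy || 'Not set'}`);
        console.log('Feature Access:', result.features);
        if (result.violations.length > 0) {
            console.log('Violations:', result.violations);
        }
    }

    return results;
}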