Should trusted iFrames be allowed to request KeyboardLock

[joedow-42]

The fullscreen API includes a flag which can be applied to an iFrame which allows code executing in the iFrame context to request fullscreen. Spec: https://fullscreen.spec.whatwg.org/#iframe-fullscreen-flag

Is this something we would want to do as a future extension to the KeyboardLock spec?

The scenario would be a site that hosts a game in an iframe which has the ability to request fullscreen. The game code could also request the set of keyboardkeys it requires while in fullscreen mode. Otherwise the hosting site would have to request Keyboard lock on its behalf.

[garykac]

Currently, the API is for top-level browsing contexts only, but we could extend it to allow same origin subframes if there is a need.

[mjbvz]

I believe that VS Code may offer a good use case for a feature like this. We use iframes to power our webview api. Here's an example page structure:

- Top level html for editor
    - iframe from different origin that contains code VS Code controls
        - iframe that contains arbitrary html from extensions

We need a way to intercept and prevent native browser keyboard shortcuts (such as cmd+p for print or cmd+w for close window) even when the user is focused on the iframe. As far as I know, there is no way to do this using existing apis. This currently means that when a user is focused on an iframe, pressing cmd+w ends up closing the entire browser tab instead of just closing the current editor in VS Code

I've also raised this issue against chromium here: https://bugs.chromium.org/p/chromium/issues/detail?id=1016034