Context:

We need to test that calling getPrimaryService(s) works when the services have been discovered already. To do this we introduced getHealthThermometerDeviceWithServicesDiscovered(). This function performs the following steps:

1. In an iframe:
  1. discover a device
  2. connect to it
  3. discover its services.
2. From the main frame:
  1. discover the same device the iframe discovered
  2. connect to the device
  3. retrieve its services (no need to discover the services because the iframe already discovered them.)

The iframe is a same-origin iframe which means that whatever services we request when discovering the device will also be accessible to the main frame.

Problem:

discovery-complete-no-permission-for-any-service.js requires the main frame to not request access to any services but the iframe we use to initially discover the services needs to request access.

Solution:

Once Feature Policy is implemented for Web Bluetooth we will be able to use a cross-origin iframe to discover services. Requesting service access from a cross-origin frame will not grant access to the main frame.