From 4847ff87ad3bd12ed82db1aeedb90661aa47444d Mon Sep 17 00:00:00 2001
From: cl0ckt0wer
Date: Wed, 13 May 2026 07:05:59 -0400
Subject: [PATCH] feat(browse): add Emulation.setGeolocationOverride + clearGeolocationOverride to CDP allowlist

Enables GPS/geolocation testing via the browse daemon. Same threat profile as existing Emulation.setDeviceMetricsOverride: pure input to the active tab, no data exfiltration surface. Usage after this change: $B cdp Emulation.setGeolocationOverride '{"latitude":51.5,"longitude":-0.1}' Limitation: Browser.grantPermissions cannot be routed through the page-scoped CDPSession the bridge uses. Full GPS testing (permission grant + coordinate override) requires either a Playwright script (context-level permission grant) or a future browser-scope CDP routing path. Left a NOTE in the allowlist documenting this.
---
 browse/src/cdp-allowlist.ts | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 mode change 100644 => 100755 browse/src/cdp-allowlist.ts
diff --git a/browse/src/cdp-allowlist.ts b/browse/src/cdp-allowlist.ts
old mode 100644
new mode 100755
index b9c3a9538e..3ecb4795cd
--- a/browse/src/cdp-allowlist.ts
+++ b/browse/src/cdp-allowlist.ts
@@ -155,6 +155,25 @@ export const CDP_ALLOWLIST: ReadonlyArray = Object.freeze([
 output: 'trusted',
 justification: 'UA override on the active tab. NOTE: changes affect future requests; fine for tests.',
 },
+ {
+ domain: 'Emulation',
+ method: 'setGeolocationOverride',
+ scope: 'tab',
+ output: 'trusted',
+ justification: 'Geolocation override on the active tab. Same threat profile as setDeviceMetricsOverride: pure input, no data exfiltration. Enables GPS testing.',
+ },
+ {
+ domain: 'Emulation',
+ method: 'clearGeolocationOverride',
+ scope: 'tab',
+ output: 'trusted',
+ justification: 'Clear geolocation override. Mirrors clearDeviceMetricsOverride for cleanup symmetry.',
+ },
+ // NOTE: Browser.grantPermissions is intentionally NOT added here. It is a
+ // browser-scope CDP method that cannot be forwarded through the page-level
+ // CDPSession that the browse bridge uses. Geolocation testing requires either
+ // a Playwright script (which grants permissions at context creation) or a
+ // future browser-scope CDP routing path in the bridge.
 // ─── Page capture (output, not navigation) ─────────────────
 {
 domain: 'Page',
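Review bot: The NOTE at the end of the added block explains the absence of `Browser.grantPermissions` only as a routing limitation, so a later change that adds browser-scope routing could read it as a to-do rather than a decision that needs its own threat review. Granting permissions changes what page content may access, which is a different profile from the two "pure input" override entries, and I would add a line such as `// If browser-scope routing is added, review grantPermissions separately: it widens what pages may access.` The `setGeolocationOverride` justification could also carry a persistence caveat like the UA entry above it, for example `NOTE: override stays on the tab until clearGeolocationOverride is called`, assuming the override outlives navigation, which the hunk does not show. Separately, the patch header changes `browse/src/cdp-allowlist.ts` from mode 100644 to 100755, which looks unintended for a source file. The `CDP_ALLOWLIST` array starts and ends outside this hunk.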