Provider — Playwright (Chromium / Firefox / WebKit)
Granit.Browsing.Playwright is the multi-engine provider. It is the only
provider that supports Firefox and WebKit, and it owns
ITracingCapability and IHarRecordingCapability.
What the hardening pass changed
Section titled “What the hardening pass changed”RequestRouteradoption. Playwright’sIRouteis consumed by a singleRequestRouter. Sandbox handlers run first; user handlers in registration order. See Browsing security — RequestRouter.- Env-aware
AutoInstallBrowsers. The default forGranit:Browsing:Playwright:AutoInstallBrowsersis now:trueinDevelopment/Staging.falseinProduction. Override per host if you genuinely runplaywright installat production boot (you usually shouldn’t — bundle browsers into the image).
- HAR via
ITempFileFactory. Recorded HAR lands in{tempRoot}/t-{tenantId}/har/{guid}.harwith0600andDeleteOnClose. The HAR contains rawAuthorizationandCookieheaders — treat the capability output as sensitive. - Trace via
ITempFileFactory. Same factory, categorytrace. Same sensitive-data caveat. - Sandbox + permissions. Identical to the PuppeteerSharp provider —
same
SandboxProfile, same five permissions, samePrivilegedFlagGuardfor--no-sandbox.
Production configuration
Section titled “Production configuration”{ "Granit": { "Browsing": { "Playwright": { "Engine": "Chromium", "AutoInstallBrowsers": false, "ExecutablePath": "/usr/bin/chromium" } } }}AutoInstallBrowsers in production. Running
playwright installat pod boot adds 30–90 seconds to readiness and an outbound HTTP fetch to the CDN. Both are anti-patterns in production. Bundle the engine at image build, setAutoInstallBrowsers = false, and point at the executable.
Capability surface
Section titled “Capability surface”| Capability | Chromium | Firefox | WebKit |
|---|---|---|---|
IPdfCapability | ✓ | — | — |
IPdfViewerCapability | ✓ | — | — |
IAccessibilityCapability | — (deprecated upstream) | — | — |
ITracingCapability | ✓ | ✓ | ✓ |
IHarRecordingCapability | ✓ | ✓ | ✓ |