[Webkit-unassigned] [Bug 182893] [WebAuthN] Consider requiring user gestures for this API
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 1 04:37:25 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=182893
--- Comment #6 from Yuriy Ackermann (FIDO Alliance) <ackermann.yuriy at gmail.com> ---
As far as I know Chrome/Firefox are blocking secure API's if page is out of focus:
> https://w3c.github.io/webauthn/#abortoperation
> The visibility and focus state of the Window object determines whether the [[Create]](origin, options, sameOriginWithAncestors) and [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) operations should continue. When the Window object associated with the [Document loses focus, [[Create]](origin, options, sameOriginWithAncestors) and [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) operations SHOULD be aborted.
Again, this has issues for softAuthenticatos, like SoftU2F, which obviously changes a focus and so causes API to fail. So need careful consideration
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180901/4c9f2b2f/attachment.html>
More information about the webkit-unassigned
mailing list