[Webkit-unassigned] [Bug 234180] New: [WebAuthn] Allow same-site, cross-origin iframe get()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 10 15:02:51 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=234180
Bug ID: 234180
Summary: [WebAuthn] Allow same-site, cross-origin iframe get()
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: j_pascoe at apple.com
CC: webkit-bug-importer at group.apple.com
Blocks: 222240
WebAuthn Level 2 specifies a feature policy: https://w3c.github.io/webauthn/#sctn-iframe-guidance, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair.
This patch implements this functionality only for same-site, cross-origin i-frames.
Referenced Bugs:
https://bugs.webkit.org/show_bug.cgi?id=222240
[Bug 222240] [WebAuthn] Using WebAuthn within cross-origin iframe elements
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211210/ca7276f5/attachment-0001.htm>
More information about the webkit-unassigned
mailing list