[Webkit-unassigned] [Bug 234180] New: [WebAuthn] Allow same-site, cross-origin iframe get()

Fri Dec 10 15:02:51 PST 2021

https://bugs.webkit.org/show_bug.cgi?id=234180

            Bug ID: 234180
           Summary: [WebAuthn] Allow same-site, cross-origin iframe get()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: j_pascoe at apple.com
                CC: webkit-bug-importer at group.apple.com
            Blocks: 222240

WebAuthn Level 2 specifies a feature policy: https://w3c.github.io/webauthn/#sctn-iframe-guidance, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair.

This patch implements this functionality only for same-site, cross-origin i-frames.

Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=222240
[Bug 222240] [WebAuthn] Using WebAuthn within cross-origin iframe elements
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211210/ca7276f5/attachment-0001.htm>