[Webkit-unassigned] [Bug 234309] New: [WebAuthn] Allow same-site, cross-origin iframe get()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 14 13:33:14 PST 2021


            Bug ID: 234309
           Summary: [WebAuthn] Allow same-site, cross-origin iframe get()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: j_pascoe at apple.com
            Blocks: 234180

WebAuthn Level 2 specifies a feature policy: https://w3c.github.io/webauthn/#sctn-iframe-guidance, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair.

This patch implements this functionality only for same-site, cross-origin i-frames.

This bug is to reland: https://bugs.webkit.org/show_bug.cgi?id=234180

Referenced Bugs:

[Bug 234180] [WebAuthn] Allow same-site, cross-origin iframe get()
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211214/2ec61b6f/attachment-0001.htm>

More information about the webkit-unassigned mailing list