[Webkit-unassigned] [Bug 222240] New: [WebAuthn] Using WebAuthn within cross-origin iframe elements

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Feb 20 16:40:28 PST 2021 

https://bugs.webkit.org/show_bug.cgi?id=222240

            Bug ID: 222240
           Summary: [WebAuthn] Using WebAuthn within cross-origin iframe
                    elements
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mathieu.perreault at shopify.com

As mentioned in the  WebAuthn Level 2 editor's draft at https://w3c.github.io/webauthn/#sctn-iframe-guidance, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair. Other browsers implementers have implemented this capability and my group sees a relevant use case for this in our product.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210221/49fd2522/attachment.htm>

More information about the webkit-unassigned mailing list