[Webkit-unassigned] [Bug 230893] Remove the user gesture requirement for using the platform authenticator on the web
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 28 10:03:46 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=230893
--- Comment #12 from j_pascoe at apple.com <j_pascoe at apple.com> ---
Credentials can never be used without a user gesture (up=0, without user presence). This is for presenting the modal dialog where you can chose to select a key / insert an authenticator, after a given credential is chosen, there is still a test of user presence. Currently we require a user gesture to present this dialog, but you get a free try without it if you are Dropbox, Microsoft, Google, Twitter, or Facebook.
The worry is about websites spamming modal dialogs to prevent users from changing tabs, etc. Unfortunately there's no pre-existing case of a webkit-only non-modal dialog for MacOS that I can find (even mini browser stuff uses NSAlert.)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211028/f792e1e8/attachment.htm>
More information about the webkit-unassigned
mailing list