<html>
    <head>
      <base href="https://bugs.webkit.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [WebAuthn] Allow same-site, cross-origin iframe get()"
   href="https://bugs.webkit.org/show_bug.cgi?id=234309">234309</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[WebAuthn] Allow same-site, cross-origin iframe get()
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>WebKit Misc.
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned@lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>j_pascoe@apple.com
          </td>
        </tr>

        <tr>
          <th>Blocks</th>
          <td>234180
          </td>
        </tr></table>
      <p>
        <div>
        <pre>WebAuthn Level 2 specifies a feature policy: <a href="https://w3c.github.io/webauthn/#sctn-iframe-guidance">https://w3c.github.io/webauthn/#sctn-iframe-guidance</a>, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair.

This patch implements this functionality only for same-site, cross-origin i-frames.

This bug is to reland: <a class="bz_bug_link 
          bz_status_REOPENED "
   title="REOPENED - [WebAuthn] Allow same-site, cross-origin iframe get()"
   href="show_bug.cgi?id=234180">https://bugs.webkit.org/show_bug.cgi?id=234180</a></pre>
        </div>
      </p>

        <div id="referenced">
          <hr style="border: 1px dashed #969696">
          <b>Referenced Bugs:</b>
          <ul>
              <li>
                [<a class="bz_bug_link 
          bz_status_REOPENED "
   title="REOPENED - [WebAuthn] Allow same-site, cross-origin iframe get()"
   href="https://bugs.webkit.org/show_bug.cgi?id=234180">Bug 234180</a>] [WebAuthn] Allow same-site, cross-origin iframe get()
              </li>
          </ul>
        </div>
        <br>

      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>