<html>
<head>
<base href="https://bugs.webkit.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [WebAuthn] Allow same-site, cross-origin iframe get()"
href="https://bugs.webkit.org/show_bug.cgi?id=234309">234309</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[WebAuthn] Allow same-site, cross-origin iframe get()
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>j_pascoe@apple.com
</td>
</tr>
<tr>
<th>Blocks</th>
<td>234180
</td>
</tr></table>
<p>
<div>
<pre>WebAuthn Level 2 specifies a feature policy: <a href="https://w3c.github.io/webauthn/#sctn-iframe-guidance">https://w3c.github.io/webauthn/#sctn-iframe-guidance</a>, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair.
This patch implements this functionality only for same-site, cross-origin i-frames.
This bug is to reland: <a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - [WebAuthn] Allow same-site, cross-origin iframe get()"
href="show_bug.cgi?id=234180">https://bugs.webkit.org/show_bug.cgi?id=234180</a></pre>
</div>
</p>
<div id="referenced">
<hr style="border: 1px dashed #969696">
<b>Referenced Bugs:</b>
<ul>
<li>
[<a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - [WebAuthn] Allow same-site, cross-origin iframe get()"
href="https://bugs.webkit.org/show_bug.cgi?id=234180">Bug 234180</a>] [WebAuthn] Allow same-site, cross-origin iframe get()
</li>
</ul>
</div>
<br>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>