<html>

    <head>

      <base href="https://bugs.webkit.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [WebAuthn] Allow same-site, cross-origin iframe get()"

   href="https://bugs.webkit.org/show_bug.cgi?id=234309">234309</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[WebAuthn] Allow same-site, cross-origin iframe get()

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>WebKit

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>WebKit Nightly Build

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>Unspecified

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Unspecified

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P2

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>WebKit Misc.

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>webkit-unassigned@lists.webkit.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>j_pascoe@apple.com

          </td>

        </tr>

        <tr>

          <th>Blocks</th>

          <td>234180

          </td>

        </tr></table>

      <p>

        <div>

        <pre>WebAuthn Level 2 specifies a feature policy: <a href="https://w3c.github.io/webauthn/#sctn-iframe-guidance">https://w3c.github.io/webauthn/#sctn-iframe-guidance</a>, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair.

This patch implements this functionality only for same-site, cross-origin i-frames.

This bug is to reland: <a class="bz_bug_link 

          bz_status_REOPENED "

   title="REOPENED - [WebAuthn] Allow same-site, cross-origin iframe get()"

   href="show_bug.cgi?id=234180">https://bugs.webkit.org/show_bug.cgi?id=234180</a></pre>

        </div>

      </p>

        <div id="referenced">

          <hr style="border: 1px dashed #969696">

          <b>Referenced Bugs:</b>

          <ul>

              <li>

                [<a class="bz_bug_link 

          bz_status_REOPENED "

   title="REOPENED - [WebAuthn] Allow same-site, cross-origin iframe get()"

   href="https://bugs.webkit.org/show_bug.cgi?id=234180">Bug 234180</a>] [WebAuthn] Allow same-site, cross-origin iframe get()

              </li>

          </ul>

        </div>

        <br>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>