Re: [webauthn] update extensions framework to include interfacing with user agent permissions framework

I feel like this should be addressed - it seems like a mistake to allow websites to get geolocation information without the user being notified.

> Client extension processing  
> Check the [[permissions state]] for geolocation. If the permission state is `"denied"`, the client MUST remove the extension and not pass it to the authenticator. If the permission state is `"prompt"`, the user agent MAY prompt the user and restart this processing, or MAY remove the extension without prompting. If the permission state is `"granted"`, the client creates the authenticator extension input with the Boolean value `true`.

GitHub Notification of comment by riking
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 5 December 2017 22:11:39 UTC