Re: [webauthn] restrict WebAuthentication API to only top level browsing context from Ian Clelland via GitHub on 2017-10-25 (public-webauthn@w3.org from October 2017)

From: Ian Clelland via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Oct 2017 17:40:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-339411383-1508953241-sysbot+gh@w3.org>

@AngeloKai -- I've been trying hard to dissuade people from adding additional attributes to `<iframe>` for every new feature, in favor of using the single `"allow"` attribute being defined by [Feature Policy](https://wicg.github.io/feature-policy/).

I'm hoping to give spec authors a consistent, uniform means of controlling access to features in frames, and to give web developers assurances that they don't have to worry about potential subtle differences in how and when features are enabled in different contexts.

-- 
GitHub Notification of comment by clelland
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/374#issuecomment-339411383 using your GitHub account

Received on Wednesday, 25 October 2017 17:40:45 UTC