W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] restrict WebAuthentication API to only top level browsing context

From: Ian Clelland via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Oct 2017 17:40:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-339411383-1508953241-sysbot+gh@w3.org>
@AngeloKai -- I've been trying hard to dissuade people from adding additional attributes to `<iframe>` for every new feature, in favor of using the single `"allow"` attribute being defined by [Feature Policy](https://wicg.github.io/feature-policy/).

I'm hoping to give spec authors a consistent, uniform means of controlling access to features in frames, and to give web developers assurances that they don't have to worry about potential subtle differences in how and when features are enabled in different contexts.

-- 
GitHub Notification of comment by clelland
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/374#issuecomment-339411383 using your GitHub account
Received on Wednesday, 25 October 2017 17:40:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:29 UTC