W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Make create() and get() abortable

From: Angelo Liao via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Sep 2017 01:12:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-327345890-1504660367-sysbot+gh@w3.org>
Regarding https://github.com/w3c/webauthn/issues/316, we have some clarification to do. Reading from Firefox's pull request and what I heard from U2F, the ask here is simply to stop authenticator operation and reject promise with an appropriate error when user navigates away from a page. If so, we should just hook up the abort operation with the https://html.spec.whatwg.org/multipage/webappapis.html#handler-window-onunload event. This would be the cleanest way to approach issues without touching hot buttons such as memory usage. If the ask is to automatically determine whether a button is visible and remove the authenticator operations once they stop being visible, we'd have many more complicated logic. 

In the second case, I'd suggest we'd leave it to the web developers to decide how they want to approach this, provided that we provide them with a hook such as the AbortSignal. 

GitHub Notification of comment by AngeloKai
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/544#issuecomment-327345890 using your GitHub account
Received on Wednesday, 6 September 2017 01:12:53 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC