Re: [webauthn] Prohibit Create Credential from cross-origin iframes (#1336) from J.C. Jones via GitHub on 2019-11-06 (public-webauthn@w3.org from November 2019)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Nov 2019 20:04:02 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-550478112-1573070641-sysbot+gh@w3.org>

Yes, and at TPAC I believe it was Duo who asked for enrollment in the cross-origin iframe, too.

However, I believe this to be a real threat, and one easily-remedied.

-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1336#issuecomment-550478112 using your GitHub account

Received on Wednesday, 6 November 2019 20:04:04 UTC