W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2019

Re: [webauthn] Prohibit Create Credential from cross-origin iframes (#1336)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Nov 2019 20:04:02 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-550478112-1573070641-sysbot+gh@w3.org>
Yes, and at TPAC I believe it was Duo who asked for enrollment in the cross-origin iframe, too.

However, I believe this to be a real threat, and one easily-remedied.

-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1336#issuecomment-550478112 using your GitHub account
Received on Wednesday, 6 November 2019 20:04:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:08 UTC