[webauthn] Explicitly prohibit use of WebAuthn from non-visible cross-origin iframes (#1303) from J.C. Jones via GitHub on 2019-09-20 (public-webauthn@w3.org from September 2019)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Fri, 20 Sep 2019 01:50:14 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-496101501-1568944213-sysbot+gh@w3.org>

jcjones has just created a new issue for https://github.com/w3c/webauthn:

== Explicitly prohibit use of WebAuthn from non-visible cross-origin iframes ==
Issue #1105 is about ensuring iframes are visible using IntersectionObserver and is still caught up. While we work out the details there, we should add language that explicitly prohibits use of WebAuthn from hidden or off-screen iframes, even if we don't have the algorithm fully worked out, so as to indicate the requirements in the future.

Firefox, for example, is highly unlikely to ever permit hidden iframes to trigger WebAuthn.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1303 using your GitHub account

Received on Friday, 20 September 2019 01:50:16 UTC