[w3c/webauthn] 662667: Prohibit Create Credential from cross-origin ifram... from J.C. Jones on 2020-04-09 (public-webauthn@w3.org from April 2020)

From: J.C. Jones <noreply@github.com>
Date: Thu, 09 Apr 2020 08:23:46 -0700
To: public-webauthn@w3.org
Message-ID: <w3c/webauthn/push/refs/heads/master/50679f-662667@github.com>

  Branch: refs/heads/master
  Home:   https://github.com/w3c/webauthn
  Commit: 6626671ac60b4731943a1d024b892a16ae47c6b5
      https://github.com/w3c/webauthn/commit/6626671ac60b4731943a1d024b892a16ae47c6b5
  Author: J.C. Jones <jc@mozilla.com>
  Date:   2020-04-09 (Thu, 09 Apr 2020)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Prohibit Create Credential from cross-origin iframes (#1394)

* Prohibit Create Credential from cross-origin iframes

This reverts part of PR #1276, again prohibiting the use of the Create method
when `sameOriginWithAncestors` is `false`. The `Note` is simplified, since
the integration between Credential Management and Feature Policy is now
complete.

* Split the feature-policy definition, per review comments

* Apply suggestions from code review

Co-Authored-By: =JeffH <jdhodges@google.com>

Co-authored-by: =JeffH <jdhodges@google.com>

Received on Thursday, 9 April 2020 15:23:59 UTC