W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2020

Re: [webauthn] Prohibit Create Credential from cross-origin iframes (#1336)

From: Dave Longley via GitHub <sysbot+gh@w3.org>
Date: Wed, 08 Jan 2020 21:17:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-572260833-1578518247-sysbot+gh@w3.org>
> There might be cause to prohibit resident credential creation from within cross-origin iframes but we’re concerned that we don’t fully understand the legitimate use cases well enough to have a firm opinion on this.

Prohibiting credential creation from within cross-origin iframes may limit or prevent "just in time" registration flows that reduce onboarding friction.

GitHub Notification of comment by dlongley
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1336#issuecomment-572260833 using your GitHub account
Received on Wednesday, 8 January 2020 21:17:30 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:37 UTC