- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 22 Jan 2020 20:48:27 +0000
- To: public-webauthn@w3.org
on 2020-01-22 call: chrome folks @agl indicated that changing this esp for top-level contexts would be very problematic for us, more sanguine re cross-origin iframes. @jcjones thinks this applies for cross-origin iframes. presently top-level context must obtain user interaction to do full-screen. @jcjones thinks this is still valid issue -- is 2 sep issues: (a) cross-origin iframes being interacted with before webauthn completes, and (b) requiring user interact for all webauthn for any context. a thought/question is whether interaction with top-level context can be used to allow webauthn in embedded cross-origin contexts. @agl notes that (b) is a big deal and browsers would need to coordinate. @jcjones notes that we need to review what the definitions for "interact" are? (moving one's mouse?) we ought to look at what the fullscreen API has done....? (but might be disappointed there...) -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1293#issuecomment-577378396 using your GitHub account
Received on Wednesday, 22 January 2020 20:48:29 UTC