on 2020-01-22 call: chrome folks @agl indicated that changing this esp for top-level contexts would be very problematic for us, more sanguine re cross-origin iframes. @jcjones thinks this applies for cross-origin iframes. presently top-level context must obtain user interaction to do full-screen. @jcjones thinks this is still valid issue -- is 2 sep issues: (a) cross-origin iframes being interacted with before webauthn completes, and (b) requiring user interact for all webauthn for any context. a thought/question is whether interaction with top-level context can be used to allow webauthn in embedded cross-origin contexts. @agl notes that (b) is a big deal and browsers would need to coordinate. @jcjones notes that we need to review what the definitions for "interact" are? (moving one's mouse?) we ought to look at what the fullscreen API has done....? (but might be disappointed there...) -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1293#issuecomment-577378396 using your GitHub accountReceived on Wednesday, 22 January 2020 20:48:29 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:37 UTC