W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2020

Re: [webauthn] Prohibit Create Credential from cross-origin iframes (#1394)

From: Ken Buchanan via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Mar 2020 17:01:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-603962384-1585155683-sysbot+gh@w3.org>
Or rename the feature policy, at least? I thought the idea was that if we decide later to allow MakeCredential from cross-origin iframes, we would need a new feature policy, so as not to change the behavior of an existing one for sites that might be using it. So the feature policy being added for this should correspond specifically to GetAssertion, if I understand correctly.

GitHub Notification of comment by kenrb
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1394#issuecomment-603962384 using your GitHub account
Received on Wednesday, 25 March 2020 17:01:27 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC