Re: [webauthn] Prohibit Create Credential from cross-origin iframes (#1394) from Ken Buchanan via GitHub on 2020-03-25 (public-webauthn@w3.org from March 2020)

From: Ken Buchanan via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Mar 2020 17:01:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-603962384-1585155683-sysbot+gh@w3.org>

Or rename the feature policy, at least? I thought the idea was that if we decide later to allow MakeCredential from cross-origin iframes, we would need a new feature policy, so as not to change the behavior of an existing one for sites that might be using it. So the feature policy being added for this should correspond specifically to GetAssertion, if I understand correctly.

-- 
GitHub Notification of comment by kenrb
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1394#issuecomment-603962384 using your GitHub account

Received on Wednesday, 25 March 2020 17:01:27 UTC