[webauthn] Pull Request: Allow for credential creation in a cross-origin iframe from Stephen McGruer via GitHub on 2022-09-14 (public-webauthn@w3.org from September 2022)

From: Stephen McGruer via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 Sep 2022 00:10:47 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-1055308555-1663114245-sysbot+gh@w3.org>

stephenmcgruer has just submitted a new pull request for https://github.com/w3c/webauthn:

== Allow for credential creation in a cross-origin iframe ==
See https://github.com/w3c/webauthn/issues/1656

This PR adds the ability to call navigator.credentials.create() in a cross-origin
iframe (more exactly, a frame that is not same-origin with its ancestor chain),
as long as the following conditions are met:

- The iframe has a publickey-credentials-create-feature permission policy
- The iframe has a [user activation](https://html.spec.whatwg.org/multipage/interaction.html#tracking-user-activation)

It has a corresponding PR on the credential management spec; see [TODO]

See https://github.com/w3c/webauthn/pull/1801


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 14 September 2022 00:10:48 UTC