Re: [webauthn] Allow for credential creation in a cross-origin iframe (#1801) from Stephen McGruer via GitHub on 2023-01-18 (public-webauthn@w3.org from January 2023)

From: Stephen McGruer via GitHub <sysbot+gh@w3.org>
Date: Wed, 18 Jan 2023 19:28:56 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1387647492-1674070134-sysbot+gh@w3.org>

@timcappalli @ve7jtb - I've gone ahead and pushed two commits to this PR that add a note on the client making it clear to the user if the credential creation is in a cross-origin iframe, and also added a `topOrigin` member to convey some sense of the containing page info (though one could have a chain of different origins of course, and this wouldn't be represented).

Hope this is somewhat along the lines of what you were each thinking - but if not no worries, happy to revise to whatever feedback you have :)

-- 
GitHub Notification of comment by stephenmcgruer
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1801#issuecomment-1387647492 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 18 January 2023 19:28:58 UTC