- From: Nina Satragno via GitHub <sysbot+gh@w3.org>
- Date: Wed, 09 Oct 2024 14:54:31 +0000
- To: public-webauthn@w3.org
nsatragno has just created a new issue for https://github.com/w3c/webauthn: == Handling of non-fully active documents for PublicKeyCredential methods == Documents become non-[fully active](https://html.spec.whatwg.org/multipage/document-sequences.html#fully-active-documents) after they are navigated away. > User agents must not allow the user to interact with [child navigables](https://html.spec.whatwg.org/multipage/document-sequences.html#child-navigable) whose [container documents](https://html.spec.whatwg.org/multipage/document-sequences.html#nav-container-document) are not themselves [fully active](https://html.spec.whatwg.org/multipage/document-sequences.html#fully-active). The Credential Management specification [rejects promises returned by `navigator.create` and `navigator.get` with `InvalidStateError` if the document is not fully active](https://github.com/w3c/webappsec-credential-management/issues/227). Should we specify that we do the same for methods that hang from `PublicKeyCredential` (isuvpaa, iscma, signal*, get client capabilities)? Chrome will throw if the document is not fully-active for methods that return a promise. For signal*, we won't change this behaviour: signal* methods may result in UI, and we need a document to attach that UI to. isuvpaa, iscma, and get client capabilities I could see us going either way, but honestly there's no reason to call these from a detached document. Let's standardize this behaviour and reject for non-fully active documents. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2184 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 9 October 2024 14:54:32 UTC