- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Mon, 16 Sep 2024 18:13:31 +0000
- To: public-webauthn@w3.org
> Or more specifically, the password manager's UI would prevail over the ambient UI? If an extension hooked `get()` then it must also hook `getClientCapabilities()`. If it didn't support this interface, it wouldn't advertise support. Thus this UI wouldn't appear. > What would the UI look like if the assertion happened from within a (x-domain) iframe? Still an open question. Since cross-domain iframes need to be given explicit permission to call WebAuthn by the parent frame, it might be reasonable to allow this. (I.e. perhaps some 3rd-party authentication service would work like that.) But I can also see the argument that the UI is linked to the main frame and thus shouldn't apply in that case. -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2144#issuecomment-2353587417 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 16 September 2024 18:13:32 UTC