Bug 234309

Summary: [WebAuthn] Allow same-site, cross-origin iframe get()
Product: WebKit Reporter: pascoe <pascoe>
Component: WebKit Misc.Assignee: pascoe <pascoe>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, cdumez, changseok, esprehn+autocc, ews-watchlist, gyuyoung.kim, jiewen_tan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 234180    
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

pascoe@apple.com
Reported 2021-12-14 13:33:14 PST
WebAuthn Level 2 specifies a feature policy: https://w3c.github.io/webauthn/#sctn-iframe-guidance, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair. This patch implements this functionality only for same-site, cross-origin i-frames. This bug is to reland: https://bugs.webkit.org/show_bug.cgi?id=234180
Attachments
Patch (43.36 KB, patch)
2021-12-14 13:37 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Patch (43.22 KB, patch)
2021-12-14 16:40 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Patch (43.16 KB, patch)
2021-12-15 11:05 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-12-14 13:35:05 PST
<rdar://problem/86486313>
pascoe@apple.com
Comment 2 2021-12-14 13:37:28 PST
Created attachment 447153 [details] Patch
pascoe@apple.com
Comment 3 2021-12-14 16:40:39 PST
Created attachment 447177 [details] Patch
pascoe@apple.com
Comment 4 2021-12-15 11:05:52 PST
Created attachment 447260 [details] Patch
Brent Fulgham
Comment 5 2021-12-15 12:52:24 PST
Comment on attachment 447260 [details] Patch r=me
EWS
Comment 6 2021-12-15 16:54:14 PST
Committed r287116 (245301@main): <https://commits.webkit.org/245301@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447260 [details].
Note You need to log in before you can comment on or make changes to this bug.