Bug 314409

Summary:	[Site Isolation] WebAuthenticatorCoordinatorProxy messages from cross-origin frames are dropped
Product:	WebKit	Reporter:	Anthony Tarbinian <a.tarbinian>
Component:	New Bugs	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P1	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Anthony Tarbinian

Reported 2026-05-08 09:17:28 PDT

Currently, with site isolation enabled, WebAuthn messages which originate from cross-origin frames are dropped. This is because the message receiver for WebAuthn messages is only registered with the main frame's process. This is causing tests such as http/wpt/webauthn/public-key-credential-cross-origin.https.html to timeout with site isolation enabled.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-05-08 09:17:34 PDT

<rdar://problem/176561142>

Anthony Tarbinian

Comment 2 2026-05-08 11:02:44 PDT

Pull request: https://github.com/WebKit/WebKit/pull/64561

EWS

Comment 3 2026-05-12 11:09:26 PDT

Committed 313095@main (49b805fc29c3): <https://commits.webkit.org/313095@main> Reviewed commits have been landed. Closing PR #64561 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.