WebAuthn Level 2 specifies a feature policy: https://w3c.github.io/webauthn/#sctn-iframe-guidance, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair. This patch implements this functionality only for same-site, cross-origin i-frames. This bug is to reland: https://bugs.webkit.org/show_bug.cgi?id=234180
<rdar://problem/86486313>
Created attachment 447153 [details] Patch
Created attachment 447177 [details] Patch
Created attachment 447260 [details] Patch
Comment on attachment 447260 [details] Patch r=me
Committed r287116 (245301@main): <https://commits.webkit.org/245301@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447260 [details].