Bug 234309 - [WebAuthn] Allow same-site, cross-origin iframe get()
Summary: [WebAuthn] Allow same-site, cross-origin iframe get()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: j_pascoe@apple.com
URL:
Keywords: InRadar
Depends on:
Blocks: 234180
  Show dependency treegraph
 
Reported: 2021-12-14 13:33 PST by j_pascoe@apple.com
Modified: 2021-12-15 16:54 PST (History)
8 users (show)

See Also:


Attachments
Patch (43.36 KB, patch)
2021-12-14 13:37 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff
Patch (43.22 KB, patch)
2021-12-14 16:40 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff
Patch (43.16 KB, patch)
2021-12-15 11:05 PST, j_pascoe@apple.com
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description j_pascoe@apple.com 2021-12-14 13:33:14 PST
WebAuthn Level 2 specifies a feature policy: https://w3c.github.io/webauthn/#sctn-iframe-guidance, functionality to get credentials from a cross-origin iframe should be enabled if the iframe has the allow="publickey-credentials-get" attribute/value pair.

This patch implements this functionality only for same-site, cross-origin i-frames.

This bug is to reland: https://bugs.webkit.org/show_bug.cgi?id=234180
Comment 1 Radar WebKit Bug Importer 2021-12-14 13:35:05 PST
<rdar://problem/86486313>
Comment 2 j_pascoe@apple.com 2021-12-14 13:37:28 PST
Created attachment 447153 [details]
Patch
Comment 3 j_pascoe@apple.com 2021-12-14 16:40:39 PST
Created attachment 447177 [details]
Patch
Comment 4 j_pascoe@apple.com 2021-12-15 11:05:52 PST
Created attachment 447260 [details]
Patch
Comment 5 Brent Fulgham 2021-12-15 12:52:24 PST
Comment on attachment 447260 [details]
Patch

r=me
Comment 6 EWS 2021-12-15 16:54:14 PST
Committed r287116 (245301@main): <https://commits.webkit.org/245301@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 447260 [details].