This is needed for cross-origin authenticating i-frames to use cookies.
<rdar://problem/89719739>
It's important that anything that opens up storage access uses prompt language that makes cross-site tracking capabilities clear.
Created attachment 455067 [details] Patch
Comment on attachment 455067 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455067&action=review r=me > Source/WebKit/ChangeLog:10 > + assertion. On the apple port, the prompt required for cross-origin assertions includes Nit: 'Apple' port > Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp:62 > + crossOriginParent = document->securityOrigin().data(); Are these ever different when the 'isSameOriginAs' test passes? I wonder if this part of the change is needed.
(In reply to Brent Fulgham from comment #4) > > Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp:62 > > + crossOriginParent = document->securityOrigin().data(); > > Are these ever different when the 'isSameOriginAs' test passes? I wonder if > this part of the change is needed. They are different here because the check above checks that isSameOriginAs doesn't pass. > if (!crossOriginParent && !origin.isSameOriginAs(document->securityOrigin())) Thank you for the review.
Created attachment 455120 [details] Patch for landing
After further discussion, this will be handled a different way.