[Spec] Require user-activation for credential creation in cross-origin iframe

w3c / secure-payment-confirmation

Secure Payment Confirmation (SPC)

https://w3c.github.io/secure-payment-confirmation/

Other

106 stars 48 forks source link

[Spec] Require user-activation for credential creation in cross-origin iframe #178

Closed stephenmcgruer closed 2 years ago

stephenmcgruer commented 2 years ago

See #128

Preview | Diff

stephenmcgruer commented 2 years ago

Good catch; I totally forgot we already had a section on this! Fixed.

stephenmcgruer commented 2 years ago

After today's discussion with WebAuthn folks, I've changed this PR to only require a user activation when creating a credential in a cross-origin iframe. This better aligns with what this would look like if WebAuthn started to allow credential creation in a cross-origin iframe.