Closed stephenmcgruer closed 2 years ago
Good catch; I totally forgot we already had a section on this! Fixed.
After today's discussion with WebAuthn folks, I've changed this PR to only require a user activation when creating a credential in a cross-origin iframe. This better aligns with what this would look like if WebAuthn started to allow credential creation in a cross-origin iframe.
See #128
Preview | Diff