We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Webauthn inside iframe and cross origin

  • 2 replies
  • 1 has this problem
  • 57 views
  • Last reply by cor-el

more options

Hello,

does Firefox support "allow" Tag for Web Authentication API? I am trying to Register(create()) Credentials(Yubikey) but the request is rejected. How can I allow an iframe to create Credentials?

window - a.domain.com iframe - b.domain.com

I am trying to register the keys for domain.com

5.10. Using Web Authentication within iframe elements The Web Authentication API is disabled by default in cross-origin iframes. To override this default policy and indicate that a cross-origin iframe is allowed to invoke the Web Authentication API, specify the allow attribute on the iframe element and include the publickey-credentials feature-identifier token in the allow attribute’s value. https://w3c.github.io/webauthn/#publickey-credentials-feature

Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect. https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential

<iframe allow="publickey-credentials 'https://myprofile.ekir.de';" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" publickey-credentials src="https://b.domain.com">


Thank you in Advance!

Hello, does Firefox support "allow" Tag for Web Authentication API? I am trying to Register(create()) Credentials(Yubikey) but the request is rejected. How can I allow an iframe to create Credentials? window - a.domain.com iframe - b.domain.com I am trying to register the keys for domain.com 5.10. Using Web Authentication within iframe elements The Web Authentication API is disabled by default in cross-origin iframes. To override this default policy and indicate that a cross-origin iframe is allowed to invoke the Web Authentication API, specify the allow attribute on the iframe element and include the publickey-credentials feature-identifier token in the allow attribute’s value. https://w3c.github.io/webauthn/#publickey-credentials-feature Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect. https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential <iframe allow="publickey-credentials 'https://myprofile.ekir.de';" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" publickey-credentials src="https://b.domain.com"> Thank you in Advance!

All Replies (2)

more options

This method is restricted to top-level contexts. Calls to it within an <iframe> element will resolve without effect. https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create

Modified by UserCanFirefox

more options