Webauthn inside iframe and cross origin
Hello,
does Firefox support "allow" Tag for Web Authentication API? I am trying to Register(create()) Credentials(Yubikey) but the request is rejected. How can I allow an iframe to create Credentials?
window - a.domain.com iframe - b.domain.com
I am trying to register the keys for domain.com
5.10. Using Web Authentication within iframe elements The Web Authentication API is disabled by default in cross-origin iframes. To override this default policy and indicate that a cross-origin iframe is allowed to invoke the Web Authentication API, specify the allow attribute on the iframe element and include the publickey-credentials feature-identifier token in the allow attribute’s value. https://w3c.github.io/webauthn/#publickey-credentials-feature
Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect. https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential
<iframe allow="publickey-credentials 'https://myprofile.ekir.de';" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" publickey-credentials src="https://b.domain.com">
Thank you in Advance!
Svi odgovori (2)
This method is restricted to top-level contexts. Calls to it within an <iframe> element will resolve without effect. https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create
Izmjenjeno
Try to ask advice at the Reddit website.
See also: