Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

Webauthn inside iframe and cross origin

  • 2 réponses
  • 1 a ce problème
  • 3 vues
  • Dernière réponse par cor-el

UserCanFirefox
UserCanFirefox
more options

Hello,

does Firefox support "allow" Tag for Web Authentication API? I am trying to Register(create()) Credentials(Yubikey) but the request is rejected. How can I allow an iframe to create Credentials?

window - a.domain.com iframe - b.domain.com

I am trying to register the keys for domain.com

5.10. Using Web Authentication within iframe elements The Web Authentication API is disabled by default in cross-origin iframes. To override this default policy and indicate that a cross-origin iframe is allowed to invoke the Web Authentication API, specify the allow attribute on the iframe element and include the publickey-credentials feature-identifier token in the allow attribute’s value. https://w3c.github.io/webauthn/#publickey-credentials-feature

Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect. https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential

<iframe allow="publickey-credentials 'https://myprofile.ekir.de';" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" publickey-credentials src="https://b.domain.com">


Thank you in Advance!

Hello, does Firefox support "allow" Tag for Web Authentication API? I am trying to Register(create()) Credentials(Yubikey) but the request is rejected. How can I allow an iframe to create Credentials? window - a.domain.com iframe - b.domain.com I am trying to register the keys for domain.com 5.10. Using Web Authentication within iframe elements The Web Authentication API is disabled by default in cross-origin iframes. To override this default policy and indicate that a cross-origin iframe is allowed to invoke the Web Authentication API, specify the allow attribute on the iframe element and include the publickey-credentials feature-identifier token in the allow attribute’s value. https://w3c.github.io/webauthn/#publickey-credentials-feature Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect. https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential <iframe allow="publickey-credentials 'https://myprofile.ekir.de';" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" publickey-credentials src="https://b.domain.com"> Thank you in Advance!

Toutes les réponses (2)

UserCanFirefox
UserCanFirefox Auteur de la question
more options

This method is restricted to top-level contexts. Calls to it within an <iframe> element will resolve without effect. https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create

Modifié le par UserCanFirefox

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Try to ask advice at the Reddit website.

See also: