Avatar for Username

Pesquisar no site de suporte

Evite golpes de suporte. Nunca pedimos que você ligue ou envie uma mensagem de texto para um número de telefone, ou compartilhe informações pessoais. Denuncie atividades suspeitas usando a opção “Denunciar abuso”.

Saiba mais

Esta discussão foi arquivada. Faça uma nova pergunta se precisa de ajuda.

Webauthn inside iframe and cross origin

  • 2 respostas
  • 1 tem este problema
  • 57 visualizações
  • Última resposta de cor-el

UserCanFirefox
UserCanFirefox
more options

Hello,

does Firefox support "allow" Tag for Web Authentication API? I am trying to Register(create()) Credentials(Yubikey) but the request is rejected. How can I allow an iframe to create Credentials?

window - a.domain.com iframe - b.domain.com

I am trying to register the keys for domain.com

5.10. Using Web Authentication within iframe elements The Web Authentication API is disabled by default in cross-origin iframes. To override this default policy and indicate that a cross-origin iframe is allowed to invoke the Web Authentication API, specify the allow attribute on the iframe element and include the publickey-credentials feature-identifier token in the allow attribute’s value. https://w3c.github.io/webauthn/#publickey-credentials-feature

Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect. https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential

<iframe allow="publickey-credentials 'https://myprofile.ekir.de';" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" publickey-credentials src="https://b.domain.com">


Thank you in Advance!

Hello, does Firefox support "allow" Tag for Web Authentication API? I am trying to Register(create()) Credentials(Yubikey) but the request is rejected. How can I allow an iframe to create Credentials? window - a.domain.com iframe - b.domain.com I am trying to register the keys for domain.com 5.10. Using Web Authentication within iframe elements The Web Authentication API is disabled by default in cross-origin iframes. To override this default policy and indicate that a cross-origin iframe is allowed to invoke the Web Authentication API, specify the allow attribute on the iframe element and include the publickey-credentials feature-identifier token in the allow attribute’s value. https://w3c.github.io/webauthn/#publickey-credentials-feature Note: This API is restricted to top-level contexts. Use from within an <iframe> element will not have any effect. https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential <iframe allow="publickey-credentials 'https://myprofile.ekir.de';" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" src="https://b.domain.com"> <iframe allow="publickey-credentials:*" publickey-credentials src="https://b.domain.com"> Thank you in Advance!

Todas as respostas (2)

UserCanFirefox
UserCanFirefox Autor da pergunta
more options

This method is restricted to top-level contexts. Calls to it within an <iframe> element will resolve without effect. https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create

Alterado por UserCanFirefox em

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Try to ask advice at the Reddit website.

See also: