Fully active checks?

[marcoscaceres]

Seems we might be missing a couple of fully active checks on .get(), .store(), .create() and store().

that is, is there are case for stealing a reference from an iframe's navigator.credential to attempt to use the API? (I don't imagine there is)

const iframe = document.querySelector("iframe");
const { credentials } = iframe.contentWindow.navigator;
iframe.remove(); // no longer fully active..

await credentials.get(someCredential); // probably reject with NotAllowedError

[marcoscaceres]

We might also want to deal with what happens when a credential UI is shown and the underlying document becomes non-fully-active (i.e., probably want to tear down any UI and AbortError promises or something).

[marcoscaceres]

We probably need to add a promise reaction here too... to clear the active credential type.

[marcoscaceres]

Reopening so we can add the reactions.