-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix #700 & #701: add same origin with ancestors param #702
fix #700 & #701: add same origin with ancestors param #702
Conversation
…e inconsistent parameter lists
index.bs
Outdated
@@ -652,6 +653,11 @@ This method accepts two arguments: | |||
:: This argument is a {{CredentialCreationOptions}} object whose | |||
<code>|options|.{{CredentialCreationOptions/publicKey}}</code> member contains a {{MakePublicKeyCredentialOptions}} | |||
object specifying the desired attributes of the to-be-created [=public key credential=]. | |||
|
|||
: <dfn>sameOriginWithAncestors</dfn> | |||
:: This argument is a boolean which is true iff the caller's [=environment settings object=] is |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we use "iff" anywhere else in the document? Is it normally well understood for W3 specs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikewest uses it in credman. we can spell it out i spose.
index.bs
Outdated
@@ -973,6 +983,10 @@ The <code>{{PublicKeyCredential}}.<dfn for="PublicKeyCredential" method>\[[Disco | |||
:: This argument is a {{CredentialRequestOptions}} object whose | |||
<code>|options|.{{CredentialRequestOptions/publicKey}}</code> member contains a {{PublicKeyCredentialRequestOptions}} | |||
object specifying the desired attributes of the [=public key credential=] to discover. | |||
|
|||
: <dfn>sameOriginWithAncestors</dfn> | |||
:: This argument is a boolean which is true iff the caller's [=environment settings object=] is |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto.
index.bs
Outdated
@@ -982,14 +996,18 @@ When this method is invoked, the user agent MUST execute the following algorithm | |||
|
|||
1. Assert: <code>|options|.{{CredentialRequestOptions/publicKey}}</code> is [=present=]. | |||
|
|||
1. If |sameOriginWithAncestors is `false`, return a "{{NotAllowedError}}" {{DOMException}}. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing a closing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, save for some small issues pointed out in review details.
index.bs
Outdated
@@ -661,14 +667,19 @@ When this method is invoked, the user agent MUST execute the following algorithm | |||
|
|||
1. Assert: <code>|options|.{{CredentialCreationOptions/publicKey}}</code> is [=present=]. | |||
|
|||
1. If <var ignore>OriginWithAncestors</var> is `false`, return a "{{NotAllowedError}}" {{DOMException}}. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You lost the same
here in the last commit. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LOL!! "haste makes waste..." thx for catching that o_O
index.bs
Outdated
|
||
The <dfn for="PublicKeyCredential" method>\[[Store]](credential)</dfn> method is not supported | ||
The <dfn for="PublicKeyCredential" method>\[[Store]](credential, sameOriginWithAncestors)</dfn> method is not supported | ||
for Web Authentication's {{PublicKeyCredential}} type, so it always returns an error. | ||
|
||
Note: This algorithm is synchronous; the {{Promise}} resolution/rejection is handled by | ||
{{CredentialsContainer/store()|navigator.credentials.store()}}. | ||
|
||
This method accepts a single argument: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is technically no longer true, although it seems a little weird to specify the parameters at all when they are in effect ignored.
for Web Authentication's {{PublicKeyCredential}} type, so it always returns an error. | ||
|
||
Note: This algorithm is synchronous; the {{Promise}} resolution/rejection is handled by | ||
{{CredentialsContainer/store()|navigator.credentials.store()}}. | ||
|
||
This method accepts a single argument: | ||
This [=internal method=] accepts two arguments: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This says two arguments, but the following list has only one argument.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
argh. thx.
per 29-Nov-2017 webauthn call: add note wrt the effect of having sameoriginwithancestors, and note that feature-policy once stable will be the right way to go in the future |
At 11-29-2017 WG meeting, we agreed we would allow same origin iframe for webauthn and add a note to the algorithm that when feature policy becomes "stable" (whether by spec status or by popularity in terms of implementation), we would move to allow iframe with feature policy do webauthn with cross-origin iframe. Browser vendors with feature policy implementation may choose to allow cross-origin iframe. |
Ok, I've updated this PR per the call today as noted in:
..please re-review, thanks! |
However, in the future, this specification (in conjunction with | ||
[[CREDENTIAL-MANAGEMENT-1]]) may provide [=[RPS]=] with more fine-grained control--e.g., ranging | ||
from allowing only top-level access to Web Authentication functionality, | ||
to allowing cross-origin embedded cases--by leveraging |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thx!
I am looking at it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks OK to me.
@christiaanbrand please have someone review so we can merge |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lgtm
Ok, this is also approved by reviews from @akshayku and @AngeloKai -- merged. |
This fixes issues #700 & #701.
include in WD-07 ?
please review :)
Preview | Diff