fix #700 & #701: add same origin with ancestors param #702
Conversation
…e inconsistent parameter lists
index.bs
Outdated
| @@ -652,6 +653,11 @@ This method accepts two arguments: | |||
| :: This argument is a {{CredentialCreationOptions}} object whose | |||
| <code>|options|.{{CredentialCreationOptions/publicKey}}</code> member contains a {{MakePublicKeyCredentialOptions}} | |||
| object specifying the desired attributes of the to-be-created [=public key credential=]. | |||
|
|
|||
| : <dfn>sameOriginWithAncestors</dfn> | |||
| :: This argument is a boolean which is true iff the caller's [=environment settings object=] is | |||
There was a problem hiding this comment.
Do we use "iff" anywhere else in the document? Is it normally well understood for W3 specs?
There was a problem hiding this comment.
@mikewest uses it in credman. we can spell it out i spose.
index.bs
Outdated
| @@ -973,6 +983,10 @@ The <code>{{PublicKeyCredential}}.<dfn for="PublicKeyCredential" method>\[[Disco | |||
| :: This argument is a {{CredentialRequestOptions}} object whose | |||
| <code>|options|.{{CredentialRequestOptions/publicKey}}</code> member contains a {{PublicKeyCredentialRequestOptions}} | |||
| object specifying the desired attributes of the [=public key credential=] to discover. | |||
|
|
|||
| : <dfn>sameOriginWithAncestors</dfn> | |||
| :: This argument is a boolean which is true iff the caller's [=environment settings object=] is | |||
index.bs
Outdated
| @@ -982,14 +996,18 @@ When this method is invoked, the user agent MUST execute the following algorithm | |||
|
|
|||
| 1. Assert: <code>|options|.{{CredentialRequestOptions/publicKey}}</code> is [=present=]. | |||
|
|
|||
| 1. If |sameOriginWithAncestors is `false`, return a "{{NotAllowedError}}" {{DOMException}}. | |||
index.bs
Outdated
| @@ -661,14 +667,19 @@ When this method is invoked, the user agent MUST execute the following algorithm | |||
|
|
|||
| 1. Assert: <code>|options|.{{CredentialCreationOptions/publicKey}}</code> is [=present=]. | |||
|
|
|||
| 1. If <var ignore>OriginWithAncestors</var> is `false`, return a "{{NotAllowedError}}" {{DOMException}}. | |||
There was a problem hiding this comment.
You lost the same here in the last commit. :)
There was a problem hiding this comment.
LOL!! "haste makes waste..." thx for catching that o_O
index.bs
Outdated
|
|
||
| The <dfn for="PublicKeyCredential" method>\[[Store]](credential)</dfn> method is not supported | ||
| The <dfn for="PublicKeyCredential" method>\[[Store]](credential, sameOriginWithAncestors)</dfn> method is not supported | ||
| for Web Authentication's {{PublicKeyCredential}} type, so it always returns an error. | ||
|
|
||
| Note: This algorithm is synchronous; the {{Promise}} resolution/rejection is handled by | ||
| {{CredentialsContainer/store()|navigator.credentials.store()}}. | ||
|
|
||
| This method accepts a single argument: |
There was a problem hiding this comment.
This is technically no longer true, although it seems a little weird to specify the parameters at all when they are in effect ignored.
| for Web Authentication's {{PublicKeyCredential}} type, so it always returns an error. | ||
|
|
||
| Note: This algorithm is synchronous; the {{Promise}} resolution/rejection is handled by | ||
| {{CredentialsContainer/store()|navigator.credentials.store()}}. | ||
|
|
||
| This method accepts a single argument: | ||
| This [=internal method=] accepts two arguments: |
There was a problem hiding this comment.
This says two arguments, but the following list has only one argument.
|
per 29-Nov-2017 webauthn call: add note wrt the effect of having sameoriginwithancestors, and note that feature-policy once stable will be the right way to go in the future |
|
At 11-29-2017 WG meeting, we agreed we would allow same origin iframe for webauthn and add a note to the algorithm that when feature policy becomes "stable" (whether by spec status or by popularity in terms of implementation), we would move to allow iframe with feature policy do webauthn with cross-origin iframe. Browser vendors with feature policy implementation may choose to allow cross-origin iframe. |
|
Ok, I've updated this PR per the call today as noted in:
..please re-review, thanks! |
| However, in the future, this specification (in conjunction with | ||
| [[CREDENTIAL-MANAGEMENT-1]]) may provide [=[RPS]=] with more fine-grained control--e.g., ranging | ||
| from allowing only top-level access to Web Authentication functionality, | ||
| to allowing cross-origin embedded cases--by leveraging |
|
I am looking at it. |
|
@christiaanbrand please have someone review so we can merge |
|
Ok, this is also approved by reviews from @akshayku and @AngeloKai -- merged. |
equalsJeffH
deleted the
jeffh-fix-700-add-sameOriginWithAncestors-param
branch
This fixes issues #700 & #701.
include in WD-07 ?
please review :)
Preview | Diff