-
Notifications
You must be signed in to change notification settings - Fork 22.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FF123 updates for permission publickey-credentials-create #32135
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hamishwillee
requested review from
wbamberg,
teoli2003 and
chrisdavidmills
and removed request for
a team
February 6, 2024 04:25
github-actions
bot
added
Content:WebAPI
Web API docs
Content:HTTP
HTTP docs
size/s
[PR only] 6-50 LoC changed
labels
Feb 6, 2024
hamishwillee
commented
Feb 6, 2024
10 tasks
dasJ
reviewed
Feb 6, 2024
hamishwillee
commented
Feb 9, 2024
hamishwillee
commented
Feb 9, 2024
files/en-us/web/http/headers/permissions-policy/publickey-credentials-create/index.md
Outdated
Show resolved
Hide resolved
hamishwillee
commented
Feb 9, 2024
files/en-us/web/http/headers/permissions-policy/publickey-credentials-get/index.md
Outdated
Show resolved
Hide resolved
hamishwillee
commented
Feb 9, 2024
wbamberg
reviewed
Feb 9, 2024
dasJ
reviewed
Feb 9, 2024
wbamberg
reviewed
Feb 9, 2024
github-actions
bot
added
size/m
[PR only] 51-500 LoC changed
and removed
size/s
[PR only] 6-50 LoC changed
labels
Feb 11, 2024
Co-authored-by: wbamberg <will@bootbonnet.ca>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
hamishwillee
force-pushed
the
ff123_credentials_create
branch
from
February 12, 2024 20:47
56eef41
to
2959b46
Compare
@wbamberg Anything else needed here (when you have a moment) |
wbamberg
previously requested changes
Feb 13, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a couple of nits.
Co-authored-by: wbamberg <will@bootbonnet.ca>
wbamberg
approved these changes
Feb 15, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 thank you Hamish!
No, thanks for your patience and help. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Content:HTML
Hypertext Markup Language docs
Content:HTTP
HTTP docs
Content:WebAPI
Web API docs
size/m
[PR only] 51-500 LoC changed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
FF123 supports Feature policy
publickey-credentials-create
in https://bugzilla.mozilla.org/show_bug.cgi?id=1870863As per usual for FF, this can't be set on the header, but only via
allow
on the frame.This attempts to update the docs with some corrections according to advice from engineers and my interpretation of the spec. Note that I think there are probably more relevant exceptions, but I don't propose to go through all the specs right now.
The specific issues fixed are:
SecurityError
. Spec saysNotAllowedError
in step 5 herecreate()
in an iframe, but that was changed in WebAuthn spec in Allow for credential creation in a cross-origin iframe w3c/webauthn#1801 and to the Credential Management spec in Add support for publickey-credentials-create permission policy w3c/webappsec-credential-management#209. I added some examples.I'm seeing confirmation from engineers too in https://bugzilla.mozilla.org/show_bug.cgi?id=1870863#c7 but the spec seems fairly clear on the NotAllowedError and transient activation.
Other docs work can be tracked in #31890