Cross-origin credential creation in iframes

242 views
Skip to first unread message

hetin k

unread,
Oct 28, 2023, 6:42:37 AM10/28/23
to FIDO Dev (fido-dev)
Hi all,

is cross-origin credential creation in iframes feature supported in major browser?

mozilla doc say it is supported in chrome. But on chrome, getting following error - The following credential operations can only occur in a document which is same-origin with all of its ancestors: storage/retrieval of 'PasswordCredential' and 'FederatedCredential', storage of 'PublicKeyCredential'.

Please find sample code i used

<iframe src="..." allow="publickey-credentials-create 'src'; publickey-credentials-get 'src'" />

Thanks

Adam Langley

unread,
Oct 28, 2023, 10:39:14 AM10/28/23
to FIDO Dev (fido-dev), hetin k
On Saturday, October 28, 2023 at 3:42:37 AM UTC-7 hetin k wrote:
Hi all,

is cross-origin credential creation in iframes feature supported in major browser?

mozilla doc say it is supported in chrome. But on chrome, getting following error - The following credential operations can only occur in a document which is same-origin with all of its ancestors: storage/retrieval of 'PasswordCredential' and 'FederatedCredential', storage of 'PublicKeyCredential'.

It is not supported in Chrome, although https://groups.google.com/a/chromium.org/g/blink-dev/c/xCxtXr17JLs may be of interest.


Cheers

AGL 

Santhosh Murugan

unread,
Dec 16, 2023, 2:26:21 PM12/16/23
to FIDO Dev (fido-dev), Adam Langley, hetin k
does anyone know syntax for putting single/multiple origins in  publickey-credentials-get allowlist in iframe?

For example following does not work in chrome
<iframe src=" https://a.example.com" allow="publickey-credentials-get  'https://a.example.com' " />
Reply all
Reply to author
Forward
0 new messages