digital-credentials
digital-credentials copied to clipboard
WICG
Invoked from disconnected document
From the TAG security and privacy questionnaire: what behavior do we want if the API is invoked from a disconnected document (like a same-origin iframe)? Probably just immediately fail, right?
But what if the document gets disconnected while waiting for the response from the wallet, any issue there or something we need to specify?
Can you link to the relevant section of the questionnaire?
Or an example of similar disconnected document behavior in another API?
Can you link to the relevant section of the questionnaire?
https://w3ctag.github.io/security-questionnaire/#non-fully-active
Thanks, perhaps we can look at the answers for webauthn, since the API is similar.
It seems like disconnecting the document would destroy any unresolved promises, not sure if there is a way to deliver an error to the wallet for those cases.
It makes sense to just reject immediately. Storage Access does this: https://privacycg.github.io/storage-access/#the-document-object
Same with Payment Request... it aborts the promise and closes the UI.
There are two parts:
- the doc is not fully active
- and the doc becomes not fully active (e.g., navigates) while the UI is shown.
The first fully active checks needs to be fixed in the CM API: https://github.com/w3c/webappsec-credential-management/issues/227
We then need to do set up the handler should the document become detached (or navigates).
Note that it's not just iframes... the top level frame could navigate.
Quick update: we've fixed Cred Man to now deal with detached docs (i.e., documents that are "not fully active"). Also implemented in WebKit and browser bugs filed.
We haven't yet dealt with documents becoming detached. Will deal with that soon.