See https://chromium-review.googlesource.com/c/chromium/src/+/973661/1/content/browser/webauth/authenticator_impl_unittest.cc#149:
Extensions shouldn't be able to use webauthn (at least for now). We have code to stop this, but no test:
"The issue is that creating a url::Origin from a chrome-extension:// URL results in a unique origin because chrome-extension:// is "non-standard". Obviously the non-test path does something different because chrome-extension:// origins do reach AuthenticatorImpl in real-life. Thus we could either test in chrome/, or perhaps tweak the content/ test harness to construct the committed origin in a different way."
Comment 1 by engedy@chromium.org
, Mar 31 2018Labels: -Pri-3 M-67 Pri-2