New issue
Advanced search Search tips

Issue 824450 link

Starred by 2 users
Status: Available
Owner: ----
Cc:
agl@chromium.org
kenrb@chromium.org
martinkr@google.com
engedy@chromium.org
ssoneff@google.com
kpaulhamus@chromium.org
jdoerrie@chromium.org
mknowles@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug


Participants' hotlists:
Hotlist-1


Sign in to add a comment

We have no test for extensions trying to use webauthn

Project Member Reported by agl@chromium.org, Mar 21 2018 
See https://chromium-review.googlesource.com/c/chromium/src/+/973661/1/content/browser/webauth/authenticator_impl_unittest.cc#149:

Extensions shouldn't be able to use webauthn (at least for now). We have code to stop this, but no test:

"The issue is that creating a url::Origin from a chrome-extension:// URL results in a unique origin because chrome-extension:// is "non-standard". Obviously the non-test path does something different because chrome-extension:// origins do reach AuthenticatorImpl in real-life. Thus we could either test in chrome/, or perhaps tweak the content/ test harness to construct the committed origin in a different way."

Comment 1 by engedy@chromium.org, Mar 31 2018

Cc: agl@chromium.org
Labels: -Pri-3 M-67 Pri-2

Comment 2 by engedy@chromium.org, Mar 31 2018

Labels: Hotlist-WebAuthnFixit

Comment 3 by kpaulhamus@chromium.org, Jun 5 2018

Labels: -M-67 M-69

Comment 4 by kpaulhamus@chromium.org, Jan 9

Labels: -M-69

Sign in to add a comment