Add permissions-policy check for publicKey credentials (#182)

* Add permissions-policy check for publicKey credentials If the `CredentialRequestOptions` supplied to the Request a Credential algorithm contains a object named `publicKey` then check that the responsible document is allowed to use the publickey-credentials-get policy-controlled feature. * incorp nsatragno & jyasskin feedback, thx! * Apply jyasskin's suggestions, thx! Co-authored-by: Jeffrey Yasskin <[email protected]> Co-authored-by: Jeffrey Yasskin <[email protected]>
w3c · Jan 6, 2022 · 307bd77 · 307bd77
1 parent b273b4a
commit 307bd77
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/index.bs b/index.bs
@@ -831,6 +831,14 @@ spec:css-syntax-3;
     1.  Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its
         ancestors=], and `false` otherwise.
 
+    1.  If |options|[{{CredentialRequestOptions/publicKey}}] [=map/exists=] then
+        if |settings|' [=responsible document=] is **not** [=allowed to use=] the
+        [=publickey-credentials-get-feature|publickey-credentials-get=]
+        [=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}.
+
+        Note: <a const>`password`</a> and <a const>`federated`</a> [=credential types=] are not presently
+        treated as [=policy-controlled features=], although this may change in the future.
+
     1.  Run the following steps [=in parallel=]:
 
         1.  Let |credentials| be the result of <a abstract-op lt="collect local">collecting