Today I learned that the way the Google FIDO u2f polyfill is written means the API defined at https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#high-level-javascript-api … can't actually be shipped in non-Chrome browsers in that form because the polyfill will stomp on it with code that only works in Chrome.
-
Show this thread
-
Replying to @really_bz @bz_moz
Is there a bug or write-up or pointer to what's going on? Would love to know more, and haven't actually read the polyfill.
1 reply 0 retweets 1 like -
Replying to @callahad
My commit message at https://bugzilla.mozilla.org/show_bug.cgi?id=1551282#c14 … should make it pretty clear what's going on.
1 reply 1 retweet 6 likes -
What's inside the functions that only works in Chrome?
1 reply 0 retweets 0 likes
Looking at https://u2fdemo.appspot.com/js/u2f-api.js the relevant bit is u2f.getMessagePort. It checks for chrome.runtime, then for a Chrome Android user-agent, then for iOS-specific stuff, and finally falls back to a chrome-extension:// iframe. That last only works in Chrome, yes? ;)
9:13 AM - 24 May 2019
0 replies
0 retweets
2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.