WebOTP API: cross-origin iframe support

Feature: WebOTP API: cross-origin iframe support

Adds support for WebOTP API calls from cross-origin iframes if enabled by a permission policy.

Motivation

The WebOTP API gives developers the ability to programmatically read one time codes from specially-formatted SMSes addressed to their origin to reduce user friction. Many sites embed iframes that handle authentication for them. We propose to support the API in cross-origin iframes to address feature requests from the web developer community (e.g. Shopify, iCloud) and improve interoperability.

Specification

Editor's draft

Status in Chromium

Blink components: Blink

Enabled by default (tracking bug) in:

Chrome for Android release 91

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Negative
Edge: No signal
Safari: Neutral
Web Developers: Positive

Owners

yigu@chromium.org
goto@chromium.org

Search tags

webotp, web otp,

Last updated on 2021-08-04