In the explainer, the default for the new permissions policy is 'none', however I don't believe this is currently supported in the codebase except as a speculative prototype: https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/permissions_policy/permissions_policy_features.h;drc=5e79508c687fc220ac05fb45dfc582ae69ebfb42;l=41
Implementing it would require its own launch and spec change. It might be worth seeking feedback specifically on that point from [email protected] on the early side (before pursuing experiment or launch). ~ Ari Chivukula (Their/There/They're) On Fri, Apr 24, 2026, 13:06 Chromestatus <[email protected]> wrote: > *Contact emails* > [email protected], [email protected], [email protected] > > *Explainer* > > https://github.com/bobomb/MSEdgeExplainers/blob/9838480febdc51033b46e2d9d7a9d1813df890f1/WebAuthnRemoteClientDataJSON/explainer.md > > *Specification* > https://github.com/w3c/webauthn/pull/2375 > > *Summary* > Allows a caller to provide a complete clientDataJSON string for a WebAuthn > ceremony, which the browser passes through to the authenticator without > modification. This enables remote desktop web clients to forward WebAuthn > requests with the exact clientDataJSON from the remote host, preventing > signature verification failures caused by differences between the > browser-constructed and host-provided clientDataJSON. > > *Blink component* > Blink>WebAuthentication > <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EWebAuthentication%22> > > *Web Feature ID* > webauthn <https://webstatus.dev/features/webauthn> > > *Motivation* > The remoteClientDataJSON extension for the Web Authentication API allows a > caller to provide a complete clientDataJSON string for a WebAuthn ceremony, > which the browser passes through to the authenticator without modification. > This enables remote desktop web clients to forward WebAuthn requests with > the exact clientDataJSON from the remote host, preventing signature > verification failures caused by differences between the browser-constructed > and host-provided clientDataJSON. > > *Initial public proposal* > https://github.com/w3c/webauthn/pull/2375 > > *Goals for experimentation* > None > > *Requires code in //chrome?* > True > > *Tracking bug* > https://issues.chromium.org/issues/506062130 > > *Estimated milestones* > > No milestones specified > > > *Link to entry on the Chrome Platform Status* > https://chromestatus.com/feature/5127601250238464?gate=6194074211188736 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69eba302.710a0220.18de8c.0119.GAE%40google.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/69eba302.710a0220.18de8c.0119.GAE%40google.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DLQTtwuOO3LRboTxDjj46iTe2c7roUCx%3DQfyR3LT8EZAw%40mail.gmail.com.
