fix: add WebAuthn permissions to Permissions-Policy header (#2482)

Larkooo · claude · web-flow · commit 380f2f79fbbb · 2026-03-10T10:26:51.000-10:00
## Summary - Adds `publickey-credentials-create=*` and `publickey-credentials-get=*` to the `Permissions-Policy` response header in the keychain's `vercel.json` - Fixes passkey authentication/registration failing when the keychain is embedded as an iframe, because the browser was blocking WebAuthn API calls due to missing permission directives ## Test plan - [ ] Deploy to preview and verify passkeys work in an iframe-embedded keychain - [ ] Verify both passkey registration (create) and authentication (get) flows succeed - [ ] Confirm no regression on direct (non-iframe) passkey usage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/packages/keychain/vercel.json b/packages/keychain/vercel.json
@@ -17,7 +17,7 @@
         },
         {
           "key": "Permissions-Policy",
-          "value": "camera=(), microphone=(), geolocation=()"
+          "value": "camera=(), microphone=(), geolocation=(), publickey-credentials-create=*, publickey-credentials-get=*"
         }
       ]
     },

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`},`
`18`	`18`	`{`
`19`	`19`	`"key": "Permissions-Policy",`
`20`		`- "value": "camera=(), microphone=(), geolocation=()"`
	`20`	`+ "value": "camera=(), microphone=(), geolocation=(), publickey-credentials-create=, publickey-credentials-get="`
`21`	`21`	`}`
`22`	`22`	`]`
`23`	`23`	`},`