1 files changed, 21 insertions, 0 deletions

diff --git a/chromium/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc b/chromium/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
index da020fe3416..0a4dc66eb5e 100644
--- a/chromium/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
+++ b/chromium/chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc
@@ -25,6 +25,10 @@
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "url/origin.h"
 
+#if defined(OS_WIN)
+#include "device/fido/win/webauthn_api.h"
+#endif  // defined(OS_WIN)
+
 namespace {
 
 // U2FAttestationPromptResult enumerates events related to attestation prompts.
@@ -209,6 +213,23 @@ CryptotokenPrivateCanAppIdGetAttestationFunction::Run() {
     return RespondNow(OneArgument(std::make_unique<base::Value>(true)));
   }
 
+#if defined(OS_WIN)
+  // If the request was handled by the Windows WebAuthn API on a version of
+  // Windows that shows an attestation permission prompt, don't show another
+  // one.
+  //
+  // Note that this does not account for the possibility of the
+  // WinWebAuthnApi having been disabled by a FidoDiscoveryFactory override,
+  // which may be done in tests or via the Virtual Authenticator WebDriver
+  // API.
+  if (base::FeatureList::IsEnabled(device::kWebAuthUseNativeWinApi) &&
+      device::WinWebAuthnApi::GetDefault()->IsAvailable() &&
+      device::WinWebAuthnApi::GetDefault()->Version() >=
+          WEBAUTHN_API_VERSION_2) {
+    return RespondNow(OneArgument(std::make_unique<base::Value>(true)));
+  }
+#endif  // defined(OS_WIN)
+
   // Otherwise, show a permission prompt and pass the user's decision back.
   const GURL app_id_url(app_id);
   EXTENSION_FUNCTION_VALIDATE(app_id_url.is_valid());