src="https://短縮.jp/24r2clbz" (redirect to https://webauthn-codelab.glitch.me/) and allow="publickey-credentials-get https://短縮.jp"
authentication fails.

src="https://短縮.jp/24r2clbz" (redirect to https://webauthn-codelab.glitch.me/) and allow="publickey-credentials-get 'src'
authentication fails.

src="https://短縮.jp/24r2clbz" (redirect to https://webauthn-codelab.glitch.me/) and allow="publickey-credentials-get"
authentication fails.

src="https://短縮.jp/24r2clbz" (redirect to https://webauthn-codelab.glitch.me/) and allow="publickey-credentials-get https://webauthn-codelab.glitch.me"

src="https://短縮.jp/24r2clbz" (redirect to https://webauthn-codelab.glitch.me/) and allow="publickey-credentials-get *"

iframe within iframe and allow="publickey-credentials-get *"

iframe within iframe and allow="publickey-credentials-get"

iframe within iframe and allow="publickey-credentials-get https://webauthn-codelab.glitch.me"
authentication fails.

webauthn.io
authentication fails because set-cookie fails (without SameSite=None)
ref: https://github.com/duo-labs/webauthn.io/blob/c031a3e0f95d5964f11da23d2bb6fd05b3a7192c/session/session.go#L28