- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Fri, 03 May 2019 23:57:42 +0000
- To: public-webauthn@w3.org
> http://localhost shouldn't be allowed as a RPID because the https: scheme is required unless I am missing something significant.

A secure origin is required. HTTPS is one option for that, but there [are others](https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy).

> Is https://localhost even possible?

Yes. Either add an exception for an invalid certificate or create a local CA and issue a certificate for `localhost`.

> What is the RPID for https://localhost?

`localhost`

> Modifying the hosts file is supposed to override DNS.

That's true, but I must be misunderstanding you. The original wording was “all domain names that resolve to 127.0.0.1” but I can edit a file here and make `foo.google.com` resolve to 127.0.0.1, but I can't see that it helps anything if that causes the RP ID for https://foo.google.com to be `localhost`.

--
GitHub Notification of comment by agl

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1204#issuecomment-489273555 using your GitHub account
Received on Friday, 3 May 2019 23:57:44 UTC
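
The distinction discussed in the message above, as an added example that is not part of the original message or of the WebAuthn specification: a simplified model of the linked secure-origin check and of the default RP ID, both computed from the host string in the origin rather than from the address it resolves to. The function names are hypothetical, the sample origins are constructed, and treating `localhost` names as trustworthy is an assumption about the user agent.

```javascript
// Simplified model: every decision uses the host written in the origin.
// No name resolution happens, so a hosts-file entry cannot change a result.

function isIpLiteral(host) {
  // URL normalises IPv4 to dotted form and keeps brackets on IPv6 literals.
  return host.startsWith("[") || /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

function isLoopbackLiteral(host) {
  return host === "[::1]" || /^127(\.\d{1,3}){3}$/.test(host);
}

function isLocalhostName(host) {
  return host === "localhost" || host.endsWith(".localhost");
}

// Reduced form of the "is origin potentially trustworthy" check.
function isPotentiallyTrustworthy(origin) {
  const { protocol, hostname } = new URL(origin);
  if (protocol === "https:" || protocol === "wss:") return true;
  // Assumption: the user agent treats localhost names as loopback.
  return isLoopbackLiteral(hostname) || isLocalhostName(hostname);
}

// Default RP ID: the origin's host when it is a domain name, else null.
// WebAuthn requires a valid domain, so IP literals yield no RP ID.
function defaultRpId(origin) {
  if (!isPotentiallyTrustworthy(origin)) return null;
  const { hostname } = new URL(origin);
  return isIpLiteral(hostname) ? null : hostname;
}

// Constructed origins. foo.google.com stands for a name that a local hosts
// file maps to 127.0.0.1; the mapping plays no part in the outcome.
for (const origin of [
  "https://localhost",
  "http://localhost:8080",
  "https://foo.google.com",
  "http://foo.google.com",
  "http://127.0.0.1:3000",
]) {
  console.log(origin, isPotentiallyTrustworthy(origin), defaultRpId(origin));
}
```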