Re: [webauthn] Clarify 127.0.0.1 in spec (#1204) from gmandyam via GitHub on 2019-05-19 (public-webauthn@w3.org from May 2019)

From: gmandyam via GitHub <sysbot+gh@w3.org>
Date: Sun, 19 May 2019 04:46:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-493726751-1558241183-sysbot+gh@w3.org>

Just to let you know, I did confirm that Chrome does not consider 127.0.0.1 (or to be more precise 127.0.0.1:80) to be a secure context, but will accept the same page from localhost as a secure context and will allow a Webauthn caller.  FF accepts 127.0.0.1:80.  

I really fail to understand why this would be considered a positive, if two different implementors have a different interpretation of what constitutes a secure context.  Which one is is implementing the spec correctly?

-- 
GitHub Notification of comment by gmandyam
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1204#issuecomment-493726751 using your GitHub account

Received on Sunday, 19 May 2019 04:46:25 UTC