
Re: [webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 22 Dec 2016 22:39:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-268906588-1482446377-sysbot+gh@w3.org>
>> nominally steps 4 - 7 (inclusive) of the domain attribute setter
>> defined hereabouts

> OK.  So if a page is loaded from "https://foo.bar.com" and then sets
> document.domain to "bar.com", should it be able to use "foo.bar.com"
> as its rpId?  Sounds to me like you're saying it shouldn't be able
> to....

Our present intent (if it is correct) is that even if 
"https://foo.bar.com" is loaded and then sets document.domain to 
"bar.com", it *would* still be able to assert "foo.bar.com" as its 
rpId.




-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/256#issuecomment-268906588 
using your GitHub account
Received on Thursday, 22 December 2016 22:39:40 UTC
