- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Thu, 29 Dec 2016 01:50:01 +0000
- To: public-webauthn@w3.org
> callerOrigin in https://w3c.github.io/webauthn/#dom-webauthentication-makecredential step 3 is defined as the "current settings origin". That means it's the origin of the callee function, which may or may not match the origin of the caller. And either one of those two might or might not match the origin of the WebAuthentication object itself, of course. OK, I have been looking into this and have a question for @bzbarsky and @domenic: in our particular case of crafting the `makeCredential()` and `getAssertion()` algorithms, is this the (or "a") correct way to obtain the "caller's origin": * let |callerOrigin| be the [incumbent settings object](https://html.spec.whatwg.org/#incumbent-settings-object)'s origin. ..? The overall apparently applicable section of [HTML](https://html.spec.whatwg.org/) is: https://html.spec.whatwg.org/#realms-settings-objects-global-objects -- yes? -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/271#issuecomment-269569948 using your GitHub account
Received on Thursday, 29 December 2016 01:50:07 UTC