Re: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee

Yes; the idea is to minimize the number of places one ever checks the 
caller's anything (especially origin). Why does this spec want to 
introduce a new way of doing so? It's generally a very confusing 
programming model for developers with some security drawbacks as well.

GitHub Notification of comment by domenic
Please view or discuss this issue at 
using your GitHub account

Received on Thursday, 29 December 2016 02:03:10 UTC