Re: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee from Domenic Denicola via GitHub on 2016-12-29 (public-webauthn@w3.org from December 2016)

From: Domenic Denicola via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Dec 2016 02:03:04 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-269571042-1482976983-sysbot+gh@w3.org>

Yes; the idea is to minimize the number of places one ever checks the 
caller's anything (especially origin). Why does this spec want to 
introduce a new way of doing so? It's generally a very confusing 
programming model for developers with some security drawbacks as well.

-- 
GitHub Notification of comment by domenic
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/271#issuecomment-269571042 
using your GitHub account

Received on Thursday, 29 December 2016 02:03:10 UTC