Re: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee

From: Domenic Denicola via GitHub <sysbot+gh@w3.org> Date: Thu, 29 Dec 2016 02:03:04 +0000 To: public-webauthn@w3.org Message-ID: <issue_comment.created-269571042-1482976983-sysbot+gh@w3.org> · This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:24 UTC

Yes; the idea is to minimize the number of places one ever checks the 
caller's anything (especially origin). Why does this spec want to 
introduce a new way of doing so? It's generally a very confusing 
programming model for developers with some security drawbacks as well.

-- 
GitHub Notification of comment by domenic
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/271#issuecomment-269571042 
using your GitHub account