W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2016

Re: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee

From: Domenic Denicola via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Dec 2016 02:03:04 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-269571042-1482976983-sysbot+gh@w3.org>
Yes; the idea is to minimize the number of places one ever checks the 
caller's anything (especially origin). Why does this spec want to 
introduce a new way of doing so? It's generally a very confusing 
programming model for developers with some security drawbacks as well.

GitHub Notification of comment by domenic
Please view or discuss this issue at 
using your GitHub account
Received on Thursday, 29 December 2016 02:03:10 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:24 UTC