- From: Boris Zbarsky via GitHub <sysbot+gh@w3.org>
- Date: Mon, 07 Nov 2016 00:41:56 +0000
- To: public-webauthn@w3.org
> nominally steps 4 - 7 (inclusive) of the domain attribute setter defined hereabouts OK. So if a page is loaded from "https://foo.bar.com" and then sets document.domain to "bar.com", should it be able to use "foo.bar.com" as its rpId? Sounds to me like you're saying it shouldn't be able to.... > So, by "extract the algorithm" you mean to say Yes. Again, assuming the desired behavior is similar enough that this makes sense. -- GitHub Notification of comment by bzbarsky Please view or discuss this issue at https://github.com/w3c/webauthn/issues/256#issuecomment-258724292 using your GitHub account
Received on Monday, 7 November 2016 00:42:02 UTC