- From: Mike West via GitHub <sysbot+gh@w3.org>
- Date: Wed, 05 Apr 2017 07:53:34 +0000
- To: public-webauthn@w3.org
FWIW, we're having a healthy debate internally around whether the XSS protections offered to `PasswordCredential` are worth the pain of forcing developers through Fetch, or whether we're making perfect the enemy of the good. If y'all reach similar conclusions with `ScopedCredential`, then you won't need Fetch integration. If you do need Fetch integration, I think you'll be able to piggyback on what's there for `PasswordCredential` simply by defining a body extraction algorithm. Should be straightforward. -- GitHub Notification of comment by mikewest Please view or discuss this issue at https://github.com/w3c/webauthn/issues/354#issuecomment-291782942 using your GitHub account
Received on Wednesday, 5 April 2017 07:53:40 UTC