Re: [webauthn] reconciling origin and RP ID handling from =JeffH via GitHub on 2017-05-26 (public-webauthn@w3.org from May 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 26 May 2017 22:55:06 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-304404229-1495839304-sysbot+gh@w3.org>

@AngeloKai said:
> I am just hoping someone can explain to me why an RP should allow credential to be relaxed to a registerable domain suffix?

please see #241 "enforce strict same-origin policy on rpid" and your comment on it before we closed it: https://github.com/w3c/webauthn/issues/241#issuecomment-264337464

see also: https://github.com/w3c/webauthn/pull/464#issuecomment-303785687

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/464#issuecomment-304404229 using your GitHub account

Received on Friday, 26 May 2017 22:55:12 UTC