- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Tue, 28 Nov 2017 19:15:04 +0000
- To: public-webauthn@w3.org
NOTE: this issue was _at least_ "improved" by this recent merged-in change to [CredMan](https://w3c.github.io/webappsec-credential-management/): PR w3c/webappsec-credential-management#114 "[Remove the blanket restriction against nested usage](https://github.com/w3c/webappsec-credential-management/pull/114)". We _could_ declare that this "[sameOriginWithAncestors](https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors)" approach "fixes" this issue if we feel that RPs do not need the functionality of being able to declare "top-level only" or not, and having [sameOriginWithAncestors](https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors) as the default functionality is sufficient. WDYT? -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/374#issuecomment-347632509 using your GitHub account
Received on Tuesday, 28 November 2017 19:15:05 UTC