The idea @jeisinger had for cookies/`document.domain` is that if the port is 443 and scheme https (or 80 and http, but that's not applicable here), you only allow that port. If it's any other port, it can go cross-port. -- GitHub Notification of comment by annevk Please view or discuss this issue at https://github.com/w3c/webauthn/issues/873#issuecomment-382605613 using your GitHub accountReceived on Thursday, 19 April 2018 04:18:32 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC