Re: [webauthn] Tighten security scope by port

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Thu, 19 Apr 2018 04:18:31 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-382605613-1524111510-sysbot+gh@w3.org>

The idea @jeisinger had for cookies/`document.domain` is that if the port is 443 and scheme https (or 80 and http, but that's not applicable here), you only allow that port. If it's any other port, it can go cross-port.

-- 
GitHub Notification of comment by annevk
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/873#issuecomment-382605613 using your GitHub account
Received on Thursday, 19 April 2018 04:18:32 UTC