Re: [webauthn] Tighten security scope by port

We don't want to allow `example.com` <> `www.example.com` either, but it's there for some things due to cookies primarily. Unfortunately WebAuthn adopted that model, due to having to be compatible with cookies. The question is then if we can add some restrictions back to make the attack space less open-ended.

-- 
GitHub Notification of comment by annevk
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/873#issuecomment-383875805 using your GitHub account

Received on Tuesday, 24 April 2018 10:01:07 UTC