W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2019

Re: [webauthn] Redirected Icon Validation (#1139)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Thu, 17 Jan 2019 20:27:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-455320098-1547756827-sysbot+gh@w3.org>
We do not currently process icons, so have no applicable behaviour here. However, if we did, I don't think that we would be comfortable fetching the icon when displaying the account chooser because that would disclose to the network and server that a given account was displayed. So we would likely try to fetch and cache the icon at registration time, perhaps turning it into a `data` URL. Likewise, we would not look kindly on a redirect to HTTP.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1139#issuecomment-455320098 using your GitHub account
Received on Thursday, 17 January 2019 20:27:12 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:36 UTC