[webauthn] CollectedClientData.crossOrigin default value and whether it is required (#1631) from =JeffH via GitHub on 2021-06-19 (public-webauthn@w3.org from June 2021)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Sat, 19 Jun 2021 00:29:36 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-925276761-1624062574-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== CollectedClientData.crossOrigin default value and whether it is required ==
`CollectedClientData.crossOrigin` is defined like so:
```
dictionary CollectedClientData {
    [ ... ]
    boolean                      crossOrigin;
    [ ... ]
};
```
In examining both the `[[Create]]()` and `[[DiscoverFromExternalSource]]()` methods, as well as the CollectedClientData serialization, it appears that `crossOrigin` is invariably added to `collectedClientData`, and that it's default value is (effectively) False.

Did we _not_ stipulate it as `required` in the above WebIDL declaration for backwards compatiblity reasons?

In any case, I think it'd be good to add a note along these lines (to help obviate grovelling thru the spec to figure this out):
> crossOrigin, of type boolean
>         This member contains the inverse of the sameOriginWithAncestors argument value that was passed into the internal method.
>       Note: This member is always added to `CollectedClientData` by the `[[Create]]()` and `[[DiscoverFromExternalSource]]()` methods. If for some reason it is not present in `CollectedClientData`, and the Section 5.8.1.1 Serialization is used, it defaults to False.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1631 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 19 June 2021 00:29:45 UTC