Re: [webauthn] adds Related Origin Requests (#2040)

https://github.com/w3c/webauthn/pull/2040/commits/e4f24d9b3d1ec57f2dad79d6c210285699f4bda8 should address the issue where a new origin is added to the well-known that matches an existing label, but the max label count was already hit.

Some code to prove out the updated algorithm:

```javascript
// UPDATED LOGIC TO ADDRESS NEW ORIGINS WITH EXISTING LABELS

var psl = require('psl');

// Upper bound on distinct registrable-domain labels that may be collected
// while walking the well-known origin list.
const MAX_LABELS = 5;

// Sample stand-in for the `origins` list of the well-known document.
// Entry order matters: labels are counted first-come, so with psl's parsing
// the label budget is expected to be used up by "shopping" and
// "otherdomain1" through "otherdomain4". "otherdomain5" then arrives as a
// sixth label, and the final "shopping.ms" entry re-uses an already counted
// label after the cap was reached, which is the case this script proves out.
const WELL_KNOWN = {
  origins: [
    "https://shopping.sg",
    "https://shopping.co.uk",
    "https://otherdomain1.com",
    "https://otherdomain2.com",
    "https://otherdomain3.com",
    "https://shopping.ie",
    "https://otherdomain4.com",
    "https://otherdomain5.com",
    "https://otherdomain4.sg",
    "https://shopping.ms",
  ],
};

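/**
 * Decide whether `callingOrigin` appears in WELL_KNOWN.origins, honouring the
 * cap of MAX_LABELS distinct registrable-domain labels.
 *
 * Entries are walked in list order. An entry whose label is new is ignored
 * once MAX_LABELS labels have been collected; an entry whose label was already
 * collected is still compared, even after the cap was reached.
 *
 * The list is treated as untrusted input: entries that do not parse, have no
 * host, have an opaque origin, or have no registrable label are skipped
 * instead of aborting the walk or consuming a label slot.
 *
 * @param {string} callingOrigin - Serialized origin of the caller, in the same
 *   form as `URL.prototype.origin` (scheme, host and optional port only).
 * @returns {boolean} true when an eligible entry has the same origin.
 */
function checkCurrentOrigin(callingOrigin) {
  const labelsSeen = new Set();

  console.log(`Calling Origin: ${callingOrigin}`);

  for (const origin of WELL_KNOWN.origins) {
    console.log("--------------");
    console.log(`[0] START WK Origin: ${origin}`);

    // A single malformed entry must not turn into an exception for the whole
    // check; skip it and keep evaluating the remaining entries.
    let url;
    try {
      url = new URL(origin);
    } catch (err) {
      console.log(`[1] WK URL could not be parsed (${err.message}), moving to next origin`);
      continue;
    }
    console.log(`[1] WK URL: ${url}`);

    const domain = url.hostname;
    console.log(`[2] WK Domain: ${domain}`);

    if (!domain) continue;

    // Non-special schemes serialize their origin as the literal string "null".
    // Such an entry must never compare equal to a caller whose own origin is
    // opaque, so it is dropped before the comparison.
    if (url.origin === "null") continue;

    // grab eTLD+1 label
    const parsed = psl.parse(domain);
    console.log(`[3] WK Parsed: ${JSON.stringify(parsed)}`);

    const label = parsed.sld;
    console.log(`[4] WK Label: ${label}`);

    // psl reports no label for bare public suffixes and for hosts it rejects.
    // Without this guard the missing label would be stored in labelsSeen and
    // use up one of the MAX_LABELS slots.
    if (!label) {
      console.log(`No registrable label found, moving to next origin`);
      continue;
    }

    if (labelsSeen.size >= MAX_LABELS && !labelsSeen.has(label)) {
      console.log(`New label found, but limit exceeded, moving to next orign`);
      continue;
    }

    // Exact match on the serialized origin, so scheme, host and port all have
    // to agree; a shared label alone is not sufficient.
    if (String(callingOrigin) === url.origin) return true;

    if (labelsSeen.has(label)) {
      console.log(`[5] label found`);
      console.log("moving to next origin...");
      continue;
    }

    // Reaching this point means the label is new and the cap is not yet hit;
    // the size check is kept so the step reads like the algorithm text.
    if (labelsSeen.size < MAX_LABELS) {
      console.log(`[6] adding label: ${label}`);
      labelsSeen.add(label);
    }
    console.log(`labels seen: ${Array.from(labelsSeen)}`);
    console.log(`...got to end of loop`);
  }
  return false;
}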

// Drive the check with the last list entry: its label ("shopping") was
// collected early on, so the check should still succeed although the label
// cap has been reached by the time this entry is visited.
const callingOrigin = "https://shopping.ms";
const isRelatedOrigin = checkCurrentOrigin(callingOrigin);
console.log(isRelatedOrigin);
```

-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2040#issuecomment-2192298836 using your GitHub account



Received on Wednesday, 26 June 2024 17:50:39 UTC