[webauthn] Merged Pull Request: Mozilla feedback: Related Origins

timcappalli has just merged timcappalli's pull request 2186 for https://github.com/w3c/webauthn:

== Mozilla feedback: Related Origins ==
https://github.com/mozilla/standards-positions/issues/1052#issuecomment-2412388864

Addresses Mozilla's feedback around Related Origins.

- Requires well-known to be served via HTTPS by the RP
- Requires `https:` scheme for all well-known calls by the client
- Requires `https:` for all redirects
- Requires calls by client to well-known endpoint to not be credentialed and not include referrer

/ghcc @dveditz 

The following tasks have been completed:

- [ ] Modified Web platform tests ([link](https://github.com/web-platform-tests/wpt/))

Implementation commitment:

- [ ] WebKit ([link to issue](https://bugs.webkit.org/))
- [ ] Chromium ([link to issue](https://issues.chromium.org/issues/new?component=1456855&template=0))
- [ ] Gecko ([link to issue](https://bugzilla.mozilla.org/home))

Documentation and checks

- [x] Affects privacy
- [x] Affects security
- [x] Updated explainer ([link](https://github.com/w3c/webauthn/wiki/Explainer:-Related-origin-requests))


***
[Preview](https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/2186.html) | [Diff](https://pr-preview.s3.amazonaws.com/w3c/webauthn/2186/efdf948...241833d.html) (last updated on Oct 23, 2024, 5:47 PM UTC, 241833d)

See https://github.com/w3c/webauthn/pull/2186


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 13 November 2024 20:19:17 UTC
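
Added example, not part of the pull request or the WebAuthn specification: a Node 18+ check an RP operator could run against their own deployment to confirm that the well-known document is reachable under the four constraints listed above (HTTPS only, HTTPS on every redirect, no credentials, no referrer). The path `/.well-known/webauthn`, the hop limit, and all function names are assumptions of this example.

```javascript
// Added example (not spec text). Assumes Node 18+ global fetch; the path
// /.well-known/webauthn and MAX_HOPS are assumptions, not from the PR text.
const WELL_KNOWN_PATH = "/.well-known/webauthn";
const MAX_HOPS = 5;

// Request options matching the PR's bullets: no credentials, no referrer,
// and redirects handled by hand so each hop's scheme can be checked.
const REQUEST_INIT = Object.freeze({
  credentials: "omit",
  referrer: "",
  referrerPolicy: "no-referrer",
  redirect: "manual",
});

// Reject anything that is not https: before a request is made.
function requireHttps(url) {
  const u = new URL(url);
  if (u.protocol !== "https:") {
    throw new Error(`non-https URL refused: ${u.href}`);
  }
  return u;
}

// Decide what to do with one response: returns the next URL to fetch for a
// redirect, or null when the response is final. Throws on a non-https target.
function nextHop(currentUrl, status, location) {
  if (![301, 302, 303, 307, 308].includes(status)) return null;
  if (!location) throw new Error("redirect without Location header");
  return requireHttps(new URL(location, currentUrl)).href;
}

// fetchImpl is injectable so the logic can be exercised offline.
async function fetchRelatedOrigins(rpId, fetchImpl = fetch) {
  let url = requireHttps(`https://${rpId}${WELL_KNOWN_PATH}`).href;
  for (let hop = 0; hop <= MAX_HOPS; hop++) {
    const res = await fetchImpl(url, REQUEST_INIT);
    const next = nextHop(url, res.status, res.headers.get("location"));
    if (next === null) {
      if (!res.ok) throw new Error(`unexpected status ${res.status}`);
      return res.json();
    }
    url = next;
  }
  throw new Error("too many redirects");
}
```

Manual redirect handling exposes the `Location` header in Node's fetch; a browser page cannot read it this way, so this is a deployment check rather than a model of the client's internals.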