Both §7. WebAuthn Relying Party Operations instruct to validate CollectedClientData.origin and .topOrigin (if present), but do not reference crossOrigin at all.
Add a step to verify crossOrigin in the RP operations. For example:
If C.crossOrigin is present and set to true, verify that the Relying Party expects that this credential would have been created within an iframe that is not same-origin with its ancestors.
Serialization requires crossOrigin, so the conditional "if" is not needed:
If C.crossOrigin is set to true, verify that the Relying Party expects that this credential would have been created within an iframe that is not same-origin with its ancestors.
Related, should topOrigin validation be a sub-step since it should never be set when crossOrigin is false?
emlun
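An RP-side version of the check discussed in this issue, as an added example that is not part of the thread or of the WebAuthn specification text. The function name, the `policy` object and its fields, and the example origins are hypothetical; rejecting a `topOrigin` that appears without `crossOrigin` set to true follows the question raised in the comment and is an assumption, not spec wording.

```javascript
// Added example: validate origin, crossOrigin and topOrigin from clientDataJSON.
// `policy` and its field names are hypothetical, chosen for this illustration.
function verifyClientDataOrigins(clientDataJSON, policy) {
  // clientDataJSON is the raw UTF-8 byte array from the authenticator response.
  const C = JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(clientDataJSON));
  const fail = (reason) => ({ ok: false, reason });

  // Existing step: origin must be one the RP expects.
  if (typeof C.origin !== "string" || !policy.allowedOrigins.includes(C.origin)) {
    return fail("origin not expected");
  }
  // Type confusion guard: "true" (string) or 1 must not pass as a boolean.
  if (C.crossOrigin !== undefined && typeof C.crossOrigin !== "boolean") {
    return fail("crossOrigin is not a boolean");
  }
  if (C.crossOrigin === true) {
    // Proposed step: the RP must expect use inside a cross-origin iframe.
    if (!policy.allowCrossOrigin) return fail("cross-origin iframe use not expected");
    // topOrigin handled as a sub-step of the crossOrigin check (assumption).
    if (C.topOrigin !== undefined && !policy.allowedTopOrigins.includes(C.topOrigin)) {
      return fail("topOrigin not expected");
    }
  } else if (C.topOrigin !== undefined) {
    // Inconsistent client data: topOrigin should only accompany crossOrigin=true.
    return fail("topOrigin present without crossOrigin=true");
  }
  return { ok: true, reason: null };
}

// Constructed sample inputs (not captured from a real ceremony).
const encode = (obj) => new TextEncoder().encode(JSON.stringify(obj));
const base = { type: "webauthn.create", challenge: "Y29uc3RydWN0ZWQ", origin: "https://rp.example" };
const samples = {
  sameOrigin: encode({ ...base, crossOrigin: false }),
  embedded: encode({ ...base, crossOrigin: true, topOrigin: "https://shop.example" }),
  embeddedElsewhere: encode({ ...base, crossOrigin: true, topOrigin: "https://other.example" }),
  inconsistent: encode({ ...base, crossOrigin: false, topOrigin: "https://shop.example" }),
};
// An RP that never expects framing, and one that expects framing by one partner.
const standalonePolicy = { allowedOrigins: ["https://rp.example"], allowCrossOrigin: false, allowedTopOrigins: [] };
const embedPolicy = { allowedOrigins: ["https://rp.example"], allowCrossOrigin: true, allowedTopOrigins: ["https://shop.example"] };

for (const [name, bytes] of Object.entries(samples)) {
  console.log(name, verifyClientDataOrigins(bytes, standalonePolicy), verifyClientDataOrigins(bytes, embedPolicy));
}
```

With only the `origin` check, the `embedded` sample would pass for the standalone RP, because its `origin` is still `https://rp.example`; the `crossOrigin` step is what rejects it.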