Remove note on IdP to validate nonce (#582) (#583)

obfuscoder · Kai Lehmann · npm1 · commit 8e4282985d8b · 2024-09-18T16:53:24.000-04:00
Co-authored-by: Kai Lehmann &lt;kai.lehmann@1und1.de&gt;
diff --git a/spec/index.bs b/spec/index.bs
@@ -2047,8 +2047,6 @@ the <a http-header>Origin</a> header value is represented by the
 [=IDP=]-specific, the [=user agent=] cannot perform this check.
 </div>
 
-Note: An [=IDP=] should validate the nonce, if present, to prevent CSRF-style attacks.
-
 The response body must be a JSON object that can be [=converted to an IDL value|converted=] to an {{IdentityProviderToken}} without an exception.
 
 Every {{IdentityProviderToken}} is expected to have members with the following semantics:
