Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add topOrigin to clientData for cross-origin GET in iframe #1842

Closed
timcappalli opened this issue Jan 25, 2023 · 2 comments
Closed

Add topOrigin to clientData for cross-origin GET in iframe #1842

timcappalli opened this issue Jan 25, 2023 · 2 comments
Assignees
@timcappalli
Labels
type:technical

Comments

@timcappalli
Copy link
Member

timcappalli commented Jan 25, 2023
edited
Loading

This issue is to track the change discussed in the last WebAuthn call about adding the following for cross-origin GET in an frame:

This will match the changes being added in #1801 for create. PR coming in the next few weeks.
@timcappalli timcappalli self-assigned this Jan 25, 2023
@stephenmcgruer stephenmcgruer mentioned this issue Feb 27, 2023
Merged
@timcappalli timcappalli mentioned this issue Apr 21, 2023
Merged
@Kieun
Copy link
Member

Kieun commented May 2, 2023

In the latest editor's draft, topOrigin is missing in the get method's processing step 10.

Let collectedClientData be a new CollectedClientData instance whose fields are:
type
The string "webauthn.get".
challenge
The base64url encoding of pkOptions.challenge
origin
The serialization of callerOrigin.
crossOrigin
The inverse of the value of the sameOriginWithAncestors argument passed to this internal method.

@timcappalli
Copy link
Member Author

Good catch @Kieun! TYVM. Addressed in #1891

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timcappalli timcappalli

Labels
type:technical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@timcappalli @Kieun