[Webkit-unassigned] [Bug 196046] New: [WebAuthN] Implement gstatic AppID comparison exception

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 20 17:36:30 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=196046

            Bug ID: 196046
           Summary: [WebAuthN] Implement gstatic AppID comparison
                    exception
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aczeskis at google.com

For historical reasons (being the first U2F implementor) Google uses a non-standard (cross-origin) AppID.  The App ID is “www.gstatic.com” for logins to “google.com” and its subdomains.

This bug requests an exception on the cross-origin check for valid AppIds in the case of google.com and gstatic.com.

Both Chrome and Firefox already make this exception.

Firefox tracking bug and implementation:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1436078

Chrome's implementation:
  https://cs.chromium.org/chromium/src/content/browser/webauth/authenticator_common.cc?l=252&rcl=4d674f923c5a1f03b2262132cb621a3db78f7562

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190321/7c732c43/attachment.html>

More information about the webkit-unassigned mailing list