Bug 242091

Summary: [WebAuthn] Should reject rp with empty id
Product: WebKit Reporter: pascoe <pascoe>
Component: WebKit Misc.Assignee: pascoe <pascoe>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

pascoe@apple.com
Reported 2022-06-28 16:39:23 PDT
Not specifying an rp.id should default to the caller’s origin's effective domain, but empty / null values should be rejected per spec. https://www.w3.org/TR/webauthn-2/#sctn-createCredential
Attachments
Add attachment proposed patch, testcase, etc.
pascoe@apple.com
Comment 1 2022-06-28 16:41:26 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1879
EWS
Comment 2 2022-07-05 10:42:18 PDT
Committed 252142@main (3b920f82563c): <https://commits.webkit.org/252142@main> Reviewed commits have been landed. Closing PR #1879 and removing active labels.
Radar WebKit Bug Importer
Comment 3 2022-07-05 10:43:13 PDT
<rdar://problem/96452481>
Note You need to log in before you can comment on or make changes to this bug.