Bug 242091

Summary: [WebAuthn] Should reject rp with empty id
Product: WebKit Reporter: pascoe <pascoe>
Component: WebKit Misc.Assignee: pascoe <pascoe>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description pascoe@apple.com 2022-06-28 16:39:23 PDT 
Not specifying an rp.id should default to the caller’s origin's effective domain, but empty / null values should be rejected per spec. https://www.w3.org/TR/webauthn-2/#sctn-createCredential
Comment 1 pascoe@apple.com 2022-06-28 16:41:26 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/1879
Comment 2 EWS 2022-07-05 10:42:18 PDT 
Committed 252142@main (3b920f82563c): <https://commits.webkit.org/252142@main>

Reviewed commits have been landed. Closing PR #1879 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2022-07-05 10:43:13 PDT 
<rdar://problem/96452481>