In https://bugs.webkit.org/show_bug.cgi?id=202427, WebKit added support for the non-standard googleLegacyAppidSupport WebAuthn request extension. If set by a google.com origin, this extension causes the WebAuthn API create() call to create a U2F API style credential bound to the hard-coded App ID `https://www.gstatic.com/securitykey/origins.json`, rather than a credential bound to a WebAuthn RP ID. Google.com stopped relying on this behavior several months ago. This means the googleLegacyAppidSupport extension is now obsolete and can be removed. (Here is Chromium’s change removing this extension: https://chromium-review.googlesource.com/c/chromium/src/+/3958174.) Note that google.com continues to rely on the ability to _assert_ legacy U2F/CTAP1 credentials bound to the `https://www.gstatic.com/securitykey/origins.json` U2F App ID for the foreseeable future.