This PR adds verification of the clientDataJSON.crossOrigin value, when present. RPs can use the new allowEmbeddedRegistration and allowEmbeddedAuthentication options in their corresponding verify...Response() methods to fail verification if crossOrigin is present and true when the RP does not expect the site to be embedded on a different site.
This PR adds verification of the
clientDataJSON.crossOriginvalue, when present. RPs can use the newallowEmbeddedRegistrationandallowEmbeddedAuthenticationoptions in their correspondingverify...Response()methods to fail verification ifcrossOriginis present andtruewhen the RP does not expect the site to be embedded on a different site.Fixes #613.