Open marcoscaceres opened 3 weeks ago
What's an example of an invalid domain?
I assume you don't plan to do any TLSA or DNSSEC checks. The domain could be any DNS resolvable IDNA, according to UTS46.
Right?
navigator.identity
is already protected under SecureContext
, wouldn't this already cover "origin is opaque origin?" and "is the effective domain a valid domain?"?
When calling
.get()
, we need to check:As with Web Auth, we probably don't want IP addresses being compared here.