Based on the comments in OpUtil, getUafRequest() must either register a facetID with the server or check whether the client's facetID matches up with any from the list that the server has.
Is the intention here similar in concept to that of MAC address whitelisting? If so, I am curious to know the rationale for exposing all facetID's to the client via getTrustedFacets().
Can't the check for a matching facetID be done on the server side ?
Based on the comments in OpUtil,
getUafRequest()
must either register a facetID with the server or check whether the client's facetID matches up with any from the list that the server has.Is the intention here similar in concept to that of MAC address whitelisting? If so, I am curious to know the rationale for exposing all facetID's to the client via
getTrustedFacets()
.Can't the check for a matching facetID be done on the server side ?