w3c-fedid / FedCM

A privacy preserving identity exchange Web API
https://w3c-fedid.github.io/FedCM/

Skip well-known check if RP and IDP are in the same site. #535

Closed cbiesinger closed 9 months ago

cbiesinger commented 9 months ago

The check provides no privacy benefit (because they can share information using domain cookies) and makes it harder to test FedCM in certain staging setups.



cbiesinger commented 9 months ago

I recommend ignoring whitespace changes when reviewing this...

cbiesinger commented 9 months ago

@bvandersloot-mozilla does this look reasonable to you?