Closed cbiesinger closed 2 months ago
Maybe edit your description so that is actually links the issue?
Maybe edit your description so that is actually links the issue?
Could've sworn I already did that... anyway, done now.
@bvandersloot-mozilla , does this look reasonable to you?
Overall this is reasonable due to the scoping of cookies to site anyway.
Thanks for the review! Will merge this PR once the repo is migrated to the WG.
I wonder if we should consider using a permission policy rather than a strict ancestor check though.
It would not be very useful for the IdP to be allowed to change its login status if it does not have cookie access, hence why we did not consider adding permissions policy.
Some IDPs have their login on one subdomain but the FedCM endpoint on a different subdomain, and this change lets them set the login status on the correct origin.
Bug: #537
Preview | Diff