Usage of "effective domain" seems wrong

w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials

https://w3c.github.io/webauthn/

Other

1.19k stars 172 forks source link

Usage of "effective domain" seems wrong #2205

Open annevk opened 3 days ago

annevk commented 3 days ago

No other specification really ought to use "effective domain". That's only for document.domain-related business. I suspect you just want to grab an origin's host and ignore this operation.

nicksteele commented 1 day ago

Why is it only for document.domain-related business? Unclear why we can't use effective domain.

annevk commented 1 day ago

Because the domain field is only set when document.domain is used. Generally that's an internal field for the HTML Standard.