Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mozilla feedback: Related Origins #2186

Merged
merged 2 commits into from
Nov 13, 2024
Merged

Mozilla feedback: Related Origins #2186

merged 2 commits into from
Nov 13, 2024

Conversation

timcappalli
Copy link
Member

@timcappalli timcappalli commented Oct 23, 2024
edited by pr-preview bot
Loading

mozilla/standards-positions#1052 (comment)

Addresses Mozilla's feedback around Related Origins.

  • Requires well-known to be served via HTTPS by the RP
  • Requires https: scheme for all well-known calls by the client
  • Requires https: for all redirects
  • Requires calls by client to well-known endpoint to not be credentialed and not include referrer

/ghcc @dveditz

The following tasks have been completed:

  • Modified Web platform tests (link)

Implementation commitment:

Documentation and checks

  • Affects privacy
  • Affects security
  • Updated explainer (link)

Preview | Diff

@nadalin nadalin requested a review from 6lackknight October 23, 2024 18:40
@timcappalli
Copy link
Member Author

Spoke to @g-davidson offline (as he is unable to approve in Github for some reason) and he is OK with these changes.

@timcappalli timcappalli removed the request for review from 6lackknight October 30, 2024 20:40
@timcappalli timcappalli merged commit b287006 into level3 Nov 13, 2024
2 checks passed
@timcappalli timcappalli deleted the tc-relatedorigins-tweaks branch November 13, 2024 20:19
emlun
emlun reviewed Nov 13, 2024
View reviewed changes
Copy link
Member

@emlun emlun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

agl pushed a commit that referenced this pull request Nov 13, 2024
Merge pull request #2186 from w3c/tc-relatedorigins-tweaks
d543bd3 
Mozilla feedback: Related Origins

(This change landed on the `level3` branch, but we need it on the main
branch too because a) we don't want to lose it in level four and b)
we're going to recut the `level3` branch due to the number of changes
that would otherwise need to be cherry-picked across.)
@w3c w3c deleted a comment Nov 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emlun emlun emlun left review comments

@akshayku akshayku akshayku approved these changes

@selfissued selfissued selfissued approved these changes

@MasterKale MasterKale MasterKale approved these changes

@agl agl agl approved these changes

Assignees

@timcappalli timcappalli

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@timcappalli @agl @emlun @MasterKale @selfissued @akshayku