You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There's a field in the passkey that indicates if it was created via cross-site request (which may be required for sites that have an API on a different domain than the site is hosted on). https://web.dev/articles/webauthn-related-origin-requests
It's not clear that we have a use case to support this as our passkey request always comes from the same domain, but it's possible that some embedded wallets are hosted across multiple domains and would want to make use of this?
It's not clear if we should explicitly forbid this in an attempt to prevent people from abusing this, or if we should implicitly allow it in hopes that someone can use this productively.
The text was updated successfully, but these errors were encountered:
There's a field in the passkey that indicates if it was created via cross-site request (which may be required for sites that have an API on a different domain than the site is hosted on). https://web.dev/articles/webauthn-related-origin-requests
It's not clear that we have a use case to support this as our passkey request always comes from the same domain, but it's possible that some embedded wallets are hosted across multiple domains and would want to make use of this?
It's not clear if we should explicitly forbid this in an attempt to prevent people from abusing this, or if we should implicitly allow it in hopes that someone can use this productively.
The text was updated successfully, but these errors were encountered: