Bug 242091 - [WebAuthn] Should reject rp with empty id
Summary: [WebAuthn] Should reject rp with empty id
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: pascoe@apple.com
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-06-28 16:39 PDT by pascoe@apple.com
Modified: 2022-07-05 10:43 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description pascoe@apple.com 2022-06-28 16:39:23 PDT 
Not specifying an rp.id should default to the caller’s origin's effective domain, but empty / null values should be rejected per spec. https://www.w3.org/TR/webauthn-2/#sctn-createCredential
Comment 1 pascoe@apple.com 2022-06-28 16:41:26 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/1879
Comment 2 EWS 2022-07-05 10:42:18 PDT 
Committed 252142@main (3b920f82563c): <https://commits.webkit.org/252142@main>

Reviewed commits have been landed. Closing PR #1879 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2022-07-05 10:43:13 PDT 
<rdar://problem/96452481>