Not specifying an rp.id should default to the caller’s origin's effective domain, but empty / null values should be rejected per spec. https://www.w3.org/TR/webauthn-2/#sctn-createCredential
Pull request: https://github.com/WebKit/WebKit/pull/1879
Committed 252142@main (3b920f82563c): <https://commits.webkit.org/252142@main> Reviewed commits have been landed. Closing PR #1879 and removing active labels.
<rdar://problem/96452481>