fido: remove trailing "/" when defaulting the App ID to caller origin

In [0], the U2F spec says to default the App ID to the originating site's Facet ID, which is (with some ambiguity) defined as the origin followed by a forward slash [1]. Firefox and cryptotoken, on the other hand, default the App ID to just the origin without any trailing path component.

This change aligns Chrome's behavior for App IDs in WebAuthn with that of cryptotoken and Firefox.

Also adds a check to ensure requests originating from cryptotoken do not have an empty App ID because they cannot be defaulted in any meaningful way.

[0] https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-if-a-caller-s-facetid-is-authorized-for-an-appid
[1] https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-the-facetid-of-a-calling-application

Change-Id: Iab2c18f03fb92a150b00a56a1c39490e52188e0e
Reviewed-on: https://chromium-review.googlesource.com/c/1356223
Commit-Queue: Martin Kreichgauer <martinkr@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612533}