
Clarify "The login status of a cross-origin domain must not be observable by a page itself." #2

Open
caraitto opened this issue Oct 17, 2023 · 0 comments


In https://github.com/fedidcg/login-status, it says "The login status of a cross-origin domain must not be observable by a page itself".

I was a little confused about this -- IIUC, does this mean that if I'm on a page with a top level frame of rp1.com, I shouldn't be able to learn that rp2.com is logged in via idp1.com, even if rp1.com is itself logged in via idp1.com (rp being relying party, idp being identity provider)? But, it's OK for rp1.com to know that it's logged in via idp1.com?
