-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AEX-2: Drop identifiers #29
Comments
Using different |
It means that AEX-2 trying to handle too much, let's make it simpler. We shouldn't ignore features with greater security because of our universal standards. Maybe we can extract identification into a separate standard and apply when it is necessary? |
AEX-2 is adding an identifier but you can always use the features provided by the |
#40 (comment) probably proves that identifiers are not needed at all or they should be reimplemented |
I was thinking that identifiers are made for one of the cases from #40. If it is "out of scope", then I can't find any reasoning for identification mechanics and proposing to drop it. |
Solved in #57 |
Some transports like
postMessage
interface provide own identification mechanisms. That in the case ofpostMessage
interface (origin
field) even more secure that proposed solution, because of theorigin
field provided by a browser so can't be faked. This makes reasonable to make identifiers proposed by AEX-2 optional.The text was updated successfully, but these errors were encountered: