Changed wording to spell out localhost

w3c · Feb 14, 2024 · 85d28a3 · 85d28a3
1 parent b4ce93e
commit 85d28a3
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/index.bs b/index.bs
@@ -1341,7 +1341,9 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
         Note: An [=RP ID=] is based on a [=host=]'s [=domain=] name. It does not itself include a [=scheme=] or [=port=], as an [=origin=] does. The [=RP ID=] of a [=public key credential=] determines its <dfn>scope</dfn>. I.e., it <dfn>determines the set of origins on which the public key credential may be exercised</dfn>, as follows:
 
             - The [=RP ID=] must be equal to the [=determines the set of origins on which the public key credential may be exercised|origin=]'s [=effective domain=], or a [=is a registrable domain suffix of or is equal to|registrable domain suffix=] of the [=determines the set of origins on which the public key credential may be exercised|origin=]'s [=effective domain=].
-            - The [=determines the set of origins on which the public key credential may be exercised|origin=]'s [=scheme=] must be `https`, or considered a [=secure context=].
+            - One of the following is true:
+                - The [=determines the set of origins on which the public key credential may be exercised|origin=]'s [=scheme=] is `https`.
+                - The [=determines the set of origins on which the public key credential may be exercised|origin=] is `localhost` and the [=scheme=] is `http`.
             - The [=determines the set of origins on which the public key credential may be exercised|origin=]'s [=port=] is unrestricted.
 
         For example, given a [=[RP]=] whose origin is `https://login.example.com:1337`, then the following [=RP ID=]s are valid: `login.example.com` (default) and `example.com`, but not `m.login.example.com` and not `com`.