diff --git a/spec/index.bs b/spec/index.bs index 4e87033c..f7a08677 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -2130,8 +2130,6 @@ the Origin header value is represented by the [=IDP=]-specific, the [=user agent=] cannot perform this check. -Note: An [=IDP=] should validate the nonce, if present, to prevent CSRF-style attacks. - The response body must be a JSON object that can be [=converted to an IDL value|converted=] to an {{IdentityProviderToken}} without an exception. Every {{IdentityProviderToken}} is expected to have members with the following semantics:
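Review bot: The deleted line "Note: An [=IDP=] should validate the nonce, if present, to prevent CSRF-style attacks." sat directly after the sentence saying the [=user agent=] cannot perform this check, and nothing in the hunk replaces it. The visible text is therefore left without any statement of what the IDP itself should validate before returning an {{IdentityProviderToken}}. If nonce validation is now specified elsewhere in the document, or the nonce is no longer part of the request, add a cross-reference or a short replacement note at this spot and state the reason in the commit message. Otherwise keep the note.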