From 2d1752ebb24f99e9a2b5ac94e3363902ae8128e1 Mon Sep 17 00:00:00 2001 From: Kai Lehmann <1779230+obfuscoder@users.noreply.github.com> Date: Wed, 15 May 2024 22:25:31 +0200 Subject: [PATCH] Remove note on IdP to validate nonce (#582) (#583) Co-authored-by: Kai Lehmann --- spec/index.bs | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec/index.bs b/spec/index.bs index 4e87033c..f7a08677 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -2130,8 +2130,6 @@ the Origin header value is represented by the [=IDP=]-specific, the [=user agent=] cannot perform this check. -Note: An [=IDP=] should validate the nonce, if present, to prevent CSRF-style attacks. - The response body must be a JSON object that can be [=converted to an IDL value|converted=] to an {{IdentityProviderToken}} without an exception. Every {{IdentityProviderToken}} is expected to have members with the following semantics:
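Review bot: The deletion at spec/index.bs line 2130 removes the only sentence in this hunk that says anything about nonce handling, and the commit message gives no reason beyond the references to #582 and #583. After the change the text runs straight from the Origin header check that the [=user agent=] cannot perform to the response body format, so a reader of this section no longer learns whether the nonce matters here or which party is expected to check it. If the note was dropped because it was wrong about who validates the nonce or about the CSRF-style threat it named, state that in the commit body and consider replacing it with a corrected note instead of deleting it outright. If the guidance now lives elsewhere in the spec, add a cross-reference at this point.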