Hacker News new | past | comments | ask | show | jobs | submit login

> but I bet "the same domain as one of the recorded login URLs" is sufficient.

What is that a quote from? I cannot find it in the spec here:


Sorry, intended as a hypothetical suggestion, not a quote.

Oh understood. Yeah that suggestion would fix my concerns almost wholesale. They just need to think about scoping it to e.g. domain, subdomain, etc.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact