> but I bet "the same domain as one of the recorded login URLs" is sufficient.

What is that a quote from? I cannot find it in the spec here:

https://wicg.github.io/change-password-url/index.html




Sorry, intended as a hypothetical suggestion, not a quote.


Oh understood. Yeah that suggestion would fix my concerns almost wholesale. They just need to think about scoping it to e.g. domain, subdomain, etc.



