Note: because the schemes of an origin-bound one-time code's top-level and embedded origins are always "https", assisting the user with providing origin-bound one-time codes is only available in secure contexts. If the above steps returned failure, the User Agent should not assist the user with providing the origin-bound one-time code's code to the website. If the above steps returned "site", the User Agent should indicate the origin-bound one-time code's top-level and embedded origins to the user when assisting them. If the above steps returned "origin" or "site", the User Agent may assist the user with providing the origin-bound one-time code's code to the website. If context’s active document's origin is same site with otc’s top-level origin, return "site". If context’s active document's origin is same origin with otc’s top-level origin, return match type. If context is not a top-level browsing context, return failure. If context’s active document's origin is same site with neither otc’s embedded origin nor otc’s top-level origin, return failure. If context’s active document's origin is same origin with neither otc’s embedded origin nor otc’s top-level origin, set match type to "site". While context is not a top-level browsing context, run these steps: Set context to its parent browsing context. If otc’s embedded origin is not same site with doc’s origin, return failure. If otc’s embedded origin is not same origin with doc’s origin, set match type to "site". If otc’s embedded origin is null, return failure. If otc’s top-level origin is same site with doc’s origin, return "site". If otc’s top-level origin is same origin with doc’s origin, return "origin". If otc’s embedded origin is not null, return failure. If context is a top-level browsing context. If doc is not the active document of a browsing context, return failure. User Agents determine whether or not to assist the user to provide an origin-bound one-time code to a website with origin-bound one-time code otc and Document doc by running these steps: Note: This specification does not impose any requirements or restrictions on the use of one-time codes which are not origin-bound one-time codes. Sites can use features like autocomplete=one-time-code to hint to User Agents that they could assist the user with providing a one-time code to the website. Many User Agents help users fill out forms on websites. (( "https", "", null, null), ( "https", "ecommerce.example", null, null), "747723") is an origin-bound one-time code whose origin is ( "https", "", null, null), whose embedded origin is ( "https", "ecommerce.example", null, null), and whose code is "747723".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |