Common RP ID in Related Origin Requests

100 views

Skip to first unread message

hetin k

unread,

Jul 10, 2025, 12:58:00 PMJul 10

to FIDO Dev (fido-dev)

Hi Team,

If example.com is selected as the common RP ID, all other domains—such as example.in, example.eu, and example.au—will make cross-origin requests to the .well-known URL hosted on example.com.

Could this cross-domain API call raise any compliance concerns (e.g., GDPR or other regional data protection regulations)?

Tim Cappalli

unread,

Jul 11, 2025, 5:52:01 AMJul 11

to hetin k, FIDO Dev (fido-dev)

That is something your legal / compliance team should determine for your organization before utilizing the capability.

From: [email protected] <[email protected]> on behalf of hetin k <[email protected]>
Sent: Thursday, July 10, 2025 3:49:53 PM
To: FIDO Dev (fido-dev) <[email protected]>
Subject: [FIDO-DEV] Common RP ID in Related Origin Requests

Hi Team,

If example.com is selected as the common RP ID, all other domains—such as example.in, example.eu, and example.au—will make cross-origin requests to the .well-known URL hosted on example.com.

Could this cross-domain API call raise any compliance concerns (e.g., GDPR or other regional data protection regulations)?

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/c08564a3-e78e-4746-8d78-735ac4a807f8n%40fidoalliance.org.

Reply all

Reply to author

Forward

0 new messages