Remove note on IdP to validate nonce (#582)

fedidcg · May 15, 2024 · 5ed1cf3 · 5ed1cf3
1 parent 82db3af
commit 5ed1cf3
Showing 1 changed file with 0 additions and 2 deletions.
diff --git a/spec/index.bs b/spec/index.bs
@@ -2045,8 +2045,6 @@ the <a http-header>Origin</a> header value is represented by the
 [=IDP=]-specific, the [=user agent=] cannot perform this check.
 </div>
 
-Note: An [=IDP=] should validate the nonce, if present, to prevent CSRF-style attacks.
-
 The response body must be a JSON object that can be [=converted to an IDL value|converted=] to an {{IdentityProviderToken}} without an exception.
 
 Every {{IdentityProviderToken}} is expected to have members with the following semantics: