clientDataJSON->topOrigin; if ($topOrigin === null) { return; } if ($authenticatorResponse->clientDataJSON->crossOrigin !== true) { throw AuthenticatorResponseVerificationException::create('The response is not cross-origin.'); } if ($this->topOriginValidator === null) { (new HostTopOriginValidator($host))->validate($topOrigin); } else { $this->topOriginValidator->validate($topOrigin); } } }