Enhance WebAuthn origin handling and debug logging for passkey registration
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 48s
Refine the WebAuthn configuration to ensure that HTTPS origins do not include ports, improving compliance with standards. Add additional debug logging in the passkey registration process to verify the webauthnOrigin and provide guidance for configuration issues, aiding in troubleshooting and enhancing the clarity of the registration flow.
This commit is contained in:
Torsten Schulz (local)
@@ -53,8 +53,16 @@ export default defineEventHandler(async (event) => {
|
||||
rpId,
|
||||
rpName,
|
||||
webauthnOrigin,
|
||||
requestOrigin
|
||||
requestOrigin,
|
||||
webauthnOriginEnv: process.env.WEBAUTHN_ORIGIN,
|
||||
baseUrlEnv: process.env.NUXT_PUBLIC_BASE_URL
|
||||
})
|
||||
|
||||
// WICHTIG: Sicherstellen, dass die Origin KEINEN Port hat
|
||||
if (webauthnOrigin.includes(':3100')) {
|
||||
console.error('[DEBUG] ERROR: webauthnOrigin contains port 3100! This will cause verification to fail.')
|
||||
console.error('[DEBUG] Fix: Set WEBAUTHN_ORIGIN=https://harheimertc.tsschulz.de (without port) in .env')
|
||||
}
|
||||
|
||||
const userId = crypto.randomUUID()
|
||||
const registrationId = crypto.randomBytes(16).toString('hex')
|
||||
|
||||
Reference in New Issue
Block a user