torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CORS support for Cross-Device Authentication in passkey handling
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 45s
Details

Browse Source 
Enhance authentication options in the server API by adding CORS headers to support cross-device authentication. Implement handling for preflight OPTIONS requests and increase timeout for registration and authentication processes to 5 minutes, improving user experience and compatibility across devices.
This commit is contained in:
Torsten Schulz (local)
2026-01-07 20:59:48 +01:00
parent 3d9b6b57dc
commit ad21534862
4 changed files with 70 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/api/auth/passkeys/login.post.js
View File

@@ -18,6 +18,19 @@ function findUserByCredentialId(users, credentialId) {
}
export default defineEventHandler(async (event) => {
// CORS-Header für Cross-Device Authentication
const origin = getHeader(event, 'origin')
if (origin) {
setHeader(event, 'Access-Control-Allow-Origin', origin)
setHeader(event, 'Access-Control-Allow-Credentials', 'true')
setHeader(event, 'Access-Control-Allow-Methods', 'POST, OPTIONS')
setHeader(event, 'Access-Control-Allow-Headers', 'Content-Type, Authorization')
}
if (getMethod(event) === 'OPTIONS') {
return { success: true }
}
const ip = getClientIp(event)
const body = await readBody(event)
const response = body?.credential