Skip to content

Commit

Permalink
allow http://localhost origins
Browse files Browse the repository at this point in the history
  • Loading branch information
@joostd
joostd committed Mar 28, 2024
1 parent 7b87d82 commit 336252a
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 4 deletions.
5 changes: 3 additions & 2 deletions fido2/rpid.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,9 +61,10 @@ def verify_rp_id(rp_id: str, origin: str) -> bool:
return False

url = urlparse(origin)
if url.scheme != "https":
return False
host = url.hostname
if url.scheme != "https":
if url.scheme != "http" or host != 'localhost':
return False
if host == rp_id:
return True
if host and host.endswith("." + rp_id) and rp_id not in suffixes:
Expand Down
5 changes: 3 additions & 2 deletions fido2/server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -450,9 +450,10 @@ def verify_app_id(app_id: str, origin: str) -> bool:
:return: True if the App ID is usable by the origin, False if not.
"""
url = urlparse(app_id)
if url.scheme != "https":
return False
hostname = url.hostname
if url.scheme != "https":
if url.scheme != "http" or hostname != 'localhost':
return False
if not hostname:
return False
return verify_rp_id(hostname, origin)
Expand Down

0 comments on commit 336252a

Please sign in to comment.