JSON Error #76

Open
Hispalensis opened this issue Jun 25, 2023 · 3 comments
Labels
help wanted Extra attention is needed

Comments

@Hispalensis

I tried your demo package on my webserver with PHP 8.2.0.

When the "New registration" process is selected, I get the following error:

  • Safari 16.5.1 : The string did not match the expected pattern.
  • Chrome 114.0.5735.133 : Unexpected token '<', "<!DOCTYPE "... is not valid JSON

Thank you for your help

@lbuchs lbuchs added the help wanted Extra attention is needed label Jul 10, 2023
@Hispalensis
Author

Hispalensis commented Jul 11, 2023

The error alert is followed by the next message in the JavaScript console:
https://my_web_server.com/FIDO/vendor/lbuchs/webauthn/_test/server.php?fn=processCreate&apple=1&yubico=1&solo=1&hypersecu=1&google=1&microsoft=1&mds=1&requireResidentKey=1&type_usb=1&type_nfc=1&type_ble=1&type_int=1&type_hybrid=1&fmt_android-key=1&fmt_android-safetynet=1&fmt_apple=1&fmt_fido-u2f=1&fmt_none=0&fmt_packed=1&fmt_tpm=1&rpId=my_webserver.com&userId=616c61696e&userName=alain&userDisplayName=Alain%20Tixier&userVerification=discouraged
[Error] Failed to load resource: the server responded with a status of 403 () (server.php, line 0)

@Hispalensis
Author

[Fri Jul 21 21:27:46 2023]
[error]
[client 2a01:cb08:8d48:3c00:60e3:6360:24ea:5f72]
ModSecurity: Access denied with code 403 (phase 2).
Match of "within %{tx.allowed_request_content_type}" against "TX:0" required.
[file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_30_http_policy.conf"]
[line "63"]
[id "960010"]
[msg "Request content type is not allowed by policy"]
[data "text/plain"] [severity "WARNING"]
[tag "POLICY/ENCODING_NOT_ALLOWED"]
[tag "WASCTC/WASC-20"]
[tag "OWASP_TOP_10/A1"]
[tag "OWASP_AppSensor/EE2"]
[tag "PCI/12.1"]
[hostname "my_web_server.com"]
[uri "/FIDO/vendor/lbuchs/webauthn/_test/server.php"]
[unique_id "ZLrcMtUqhd2Nswi@PpMUTwAAAJc"]

2a01:cb08:8d48:3c00:60e3:6360:24ea:5f72
adm8.espace-seize.fr - [21/Jul/2023:21:27:46 +0200]
"POST /FIDO/vendor/lbuchs/webauthn/_test/server.php?fn=processCreate&apple=1&yubico=0&solo=0&hypersecu=0&google=1&microsoft=1&mds=1&requireResidentKey=1&type_usb=0&type_nfc=1&type_ble=1&type_int=1&type_hybrid=1&fmt_android-key=1&fmt_android-safetynet=1&fmt_apple=1&fmt_fido-u2f=1&fmt_none=0&fmt_packed=1&fmt_tpm=1&rpId=my_webserver.com&userId=616c61696e&userName=alain&userDisplayName=Alain%20Tixier&userVerification=discouraged HTTP/1.1" 403 199 "https://my_web_server.com/test26_fido.php?app=reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 Safari/605.1.15"
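The ModSecurity entry in the comment above records rule 960010 denying the POST to server.php with status 403 because of its text/plain content type. As an added example (not code from the project or from the poster), this Python parser pulls the rule id, message, matched data and URI out of such error-log lines so denials can be grouped per rule and endpoint; the function names and the second log line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the entry posted above joined onto one line (tag list
# shortened), followed by an unrelated, made-up Apache error line.
SAMPLE_LOG = (
    '[Fri Jul 21 21:27:46 2023] [error] '
    '[client 2a01:cb08:8d48:3c00:60e3:6360:24ea:5f72] '
    'ModSecurity: Access denied with code 403 (phase 2). '
    'Match of "within %{tx.allowed_request_content_type}" against "TX:0" required. '
    '[file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_30_http_policy.conf"] '
    '[line "63"] [id "960010"] '
    '[msg "Request content type is not allowed by policy"] '
    '[data "text/plain"] [severity "WARNING"] '
    '[tag "POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] '
    '[hostname "my_web_server.com"] '
    '[uri "/FIDO/vendor/lbuchs/webauthn/_test/server.php"] '
    '[unique_id "ZLrcMtUqhd2Nswi@PpMUTwAAAJc"]\n'
    '[Fri Jul 21 21:28:01 2023] [error] [client 192.0.2.10] '
    'File does not exist: /var/www/favicon.ico\n'
)

HEAD = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: (?P<action>.*?) '
                  r'with code (?P<status>\d{3}) \(phase (?P<phase>\d)\)')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_modsec_line(line):
    """Return a dict for a ModSecurity denial line, or None for other lines."""
    head = HEAD.search(line)
    if head is None:
        return None
    event = head.groupdict()
    event["status"] = int(event["status"])
    event["tags"] = []
    for key, value in FIELD.findall(line):
        if key == "tag":
            event["tags"].append(value)   # a rule can carry several tags
        else:
            event.setdefault(key, value)  # keep the first occurrence
    return event

def summarize(log_text):
    """Count 403 denials per (rule id, uri, matched data)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_modsec_line(line)
        if event and event["status"] == 403:
            counts[(event.get("id"), event.get("uri"), event.get("data"))] += 1
    return counts
```

Grouping on rule id, URI and matched data shows at a glance whether a rule keeps firing on one endpoint with one content type, which is the pattern to review before deciding on a scoped exception.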

@Hispalensis
Author

Content of my .htaccess
SetEnv PHP_VER 8
SetEnv MAGIC_QUOTES 0
SetEnv ZEND_OPTIMIZER 1

RewriteEngine on

# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

ErrorDocument 501 ./error_501.html
