duo-labs / py_webauthn

Pythonic WebAuthn 🐍
https://duo-labs.github.io/py_webauthn
BSD 3-Clause "New" or "Revised" License

CSRF token is missing #94

Closed softalpaca closed 3 years ago

softalpaca commented 3 years ago

Hello, when verifying the registration I get this error that the CSRF token is missing. The console is printing:

```
webauthn.js:83 Server validation of credential failed: SyntaxError: Unexpected token < in JSON at position 0
```

and the response body for "verify_credential_info" is showing:

```html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>The CSRF token is missing.</p>
```

How and where can I add the csrf_token so that it is recognized as such? I would be super grateful for any help!

softalpaca commented 3 years ago

Solved it myself. You can add this to your HTML:

```html
<form id="csrf-token" name="login" method="get">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>
```

and in the webauthn.js:

```js
const postNewAssertionToServer = async (credentialDataForServer) => {
    // Start from the hidden form so the csrf_token field is included.
    const form = document.querySelector('#csrf-token');
    const formData = new FormData(form);
    // Copy the credential fields into the same form payload.
    Object.entries(credentialDataForServer).forEach(([key, value]) => {
        formData.set(key, value);
    });

    return await fetch_json(
        "/verify_credential_info", {
        method: "POST",
        body: formData
    });
}
```
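
A variant of the fix above, added here as an example; it is not part of the original comments or of py_webauthn. It assumes the server uses Flask-WTF's CSRFProtect (the error text and `csrf_token()` point to it), which also accepts the token in the `X-CSRFToken` header, and it checks the response type before parsing so an HTML error page is reported as such. `buildCsrfPost`, `parseServerReply` and `postCredential` are hypothetical names.

```javascript
// Added example. Assumes Flask-WTF CSRFProtect, which accepts the token in
// the "csrf_token" form field or in the "X-CSRFToken" request header.

// Build fetch() options for a state-changing POST. `token` is the value the
// template rendered from {{ csrf_token() }}; `fields` is the credential data.
function buildCsrfPost(token, fields) {
  if (typeof token !== "string" || token.length === 0) {
    // Fail in the browser rather than wait for the server's 400.
    throw new Error("CSRF token not found in page");
  }
  const body = new URLSearchParams();
  for (const [key, value] of Object.entries(fields)) {
    body.set(key, String(value));
  }
  return {
    method: "POST",
    credentials: "same-origin", // send the session cookie the token is tied to
    headers: { "X-CSRFToken": token },
    body,
  };
}

// Parse a reply as JSON only when the server says it is JSON. Feeding the
// 400 HTML page to a JSON parser is what produced "Unexpected token <".
function parseServerReply(status, contentType, text) {
  const isJson = (contentType || "").toLowerCase().includes("application/json");
  if (!isJson) {
    const detail = text.replace(/<[^>]*>/g, " ").replace(/\s+/g, " ").trim();
    throw new Error(`HTTP ${status}: ${detail.slice(0, 200)}`);
  }
  return JSON.parse(text);
}

// Browser wiring. postCredential is a hypothetical name; the selector matches
// the hidden input in the #csrf-token form from the comment above.
async function postCredential(url, fields) {
  const input = document.querySelector('#csrf-token input[name="csrf_token"]');
  const res = await fetch(url, buildCsrfPost(input ? input.value : "", fields));
  const type = res.headers.get("Content-Type");
  return parseServerReply(res.status, type, await res.text());
}
```

In the page, call it as `postCredential("/verify_credential_info", credentialDataForServer)`.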