API does not expect alternate port.

gavinsawyer / firebase-web-authn

A Firebase Extension for authentication with WebAuthn passkeys. Hire the developer: /in/gavinsawyer-dev.

https://extensions.dev/extensions/gavinsawyer/firebase-web-authn

Apache License 2.0

40 stars 2 forks source link

API does not expect alternate port. #9

Open titocosta opened 1 year ago

titocosta commented 1 year ago

Extension works ok when hosting on Vercel on default port but the cloud function throws this error on localhost.

Error: Unexpected registration response origin "http://localhost:3000", expected "https://localhost"

Not sure where I should specify a different port number and protocol to get the verification through?

gavinsawyer commented 1 year ago

The expected origin is specified strictly as "https://" + callableContext.rawRequest.hostname, which I recognize makes it impossible to test on localhost. This is hardcoded in a few lines of getFirebaseWebAuthnApi.ts.

The W3C spec specifies that the expected origin must be on https, so I'm not sure if it's possible to test on localhost and I've never tried. However, I've added "expect alternate port" to my list.

Karnak19 commented 9 months ago

You should be able to test it on local with a simple caddy server:

Caddyfile:

app.localhost {
  reverse_proxy localhost:3000
}

Then you can open [https://app.localhost]()