use hostname instead of host to strip the ports

kryptco / kr-u2f

DEPRECATED A Browser extension that lets you use your phone as a U2F/WebAuthN Authenticator for strong, unphishable 2FA.

https://krypt.co

125 stars 36 forks source link

use hostname instead of host to strip the ports #42

Closed PeterStaev closed 4 years ago

PeterStaev commented 4 years ago

Per the specs here: https://www.w3.org/TR/webauthn/#relying-party-identifier

For example, given a Relying Party whose origin is https://login.example.com:1337, then the following RP IDs are valid: login.example.com (default) and example.com, but not m.login.example.com and not com.

Fix #41

agrinman commented 4 years ago

Sorry for the delay here, thanks!