lbuchs / WebAuthn

A simple PHP WebAuthn (FIDO2/Passkey) server library
https://webauthn.lubu.ch
MIT License

JSON Error #76

Open Hispalensis opened 1 year ago

Hispalensis commented 1 year ago

I tried your demo package on my webserver with PHP 8.2.0.

When the "New registration" process is selected, I get the following error:

Thank you for your help

Hispalensis commented 12 months ago

The error alert is followed by the next message in the JavaScript console:

https://my_web_server.com/FIDO/vendor/lbuchs/webauthn/_test/server.php?fn=processCreate&apple=1&yubico=1&solo=1&hypersecu=1&google=1&microsoft=1&mds=1&requireResidentKey=1&type_usb=1&type_nfc=1&type_ble=1&type_int=1&type_hybrid=1&fmt_android-key=1&fmt_android-safetynet=1&fmt_apple=1&fmt_fido-u2f=1&fmt_none=0&fmt_packed=1&fmt_tpm=1&rpId=my_webserver.com&userId=616c61696e&userName=alain&userDisplayName=Alain%20Tixier&userVerification=discouraged
[Error] Failed to load resource: the server responded with a status of 403 () (server.php, line 0)

Hispalensis commented 11 months ago

[Fri Jul 21 21:27:46 2023] [error] [client 2a01:cb08:8d48:3c00:60e3:6360:24ea:5f72] ModSecurity: Access denied with code 403 (phase 2). Match of "within %{tx.allowed_request_content_type}" against "TX:0" required. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_30_http_policy.conf"] [line "63"] [id "960010"] [msg "Request content type is not allowed by policy"] [data "text/plain"] [severity "WARNING"] [tag "POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "my_web_server.com"] [uri "/FIDO/vendor/lbuchs/webauthn/_test/server.php"] [unique_id "ZLrcMtUqhd2Nswi@PpMUTwAAAJc"]

2a01:cb08:8d48:3c00:60e3:6360:24ea:5f72 adm8.espace-seize.fr - [21/Jul/2023:21:27:46 +0200] "POST /FIDO/vendor/lbuchs/webauthn/_test/server.php?fn=processCreate&apple=1&yubico=0&solo=0&hypersecu=0&google=1&microsoft=1&mds=1&requireResidentKey=1&type_usb=0&type_nfc=1&type_ble=1&type_int=1&type_hybrid=1&fmt_android-key=1&fmt_android-safetynet=1&fmt_apple=1&fmt_fido-u2f=1&fmt_none=0&fmt_packed=1&fmt_tpm=1&rpId=my_webserver.com&userId=616c61696e&userName=alain&userDisplayName=Alain%20Tixier&userVerification=discouraged HTTP/1.1" 403 199 "https://my_web_server.com/test26_fido.php?app=reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 Safari/605.1.15"

Hispalensis commented 11 months ago

Content of my .htaccess:

SetEnv PHP_VER 8
SetEnv MAGIC_QUOTES 0
SetEnv ZEND_OPTIMIZER 1

RewriteEngine on
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

ErrorDocument 501 ./error_501.html
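
The ModSecurity entry posted above carries the rule id, message and matched data as bracketed key/value pairs. As an added example (not part of this thread or of the lbuchs/WebAuthn project), the following Python pulls those fields out of such an error-log line for triage; the sample line is constructed from the one posted, with a documentation address, host name and shortened paths, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the error-log entry in this thread
# (documentation address and host name, shortened paths and tag list).
SAMPLE = (
    '[Fri Jul 21 21:27:46 2023] [error] [client 2001:db8::1] ModSecurity: '
    'Access denied with code 403 (phase 2). Match of "within '
    '%{tx.allowed_request_content_type}" against "TX:0" required. '
    '[file "/etc/modsecurity/base_rules/modsecurity_crs_30_http_policy.conf"] '
    '[line "63"] [id "960010"] '
    '[msg "Request content type is not allowed by policy"] '
    '[data "text/plain"] [severity "WARNING"] '
    '[tag "POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] '
    '[hostname "example.com"] [uri "/FIDO/_test/server.php"] '
    '[unique_id "CONSTRUCTED-ID"]'
)

# Leading part: client address, action taken, HTTP status, processing phase.
HEAD = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: '
                  r'(?P<action>.*?) with code (?P<status>\d{3}) '
                  r'\(phase (?P<phase>\d)\)')
# Metadata part: [key "value"] pairs; the value may contain escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_modsec(line):
    """Return the ModSecurity fields of one Apache error-log line, or None."""
    head = HEAD.search(line)
    if head is None:
        return None  # not a ModSecurity "with code NNN" entry
    event = {"client": head["client"], "action": head["action"],
             "status": int(head["status"]), "phase": int(head["phase"]),
             "tag": []}
    for key, value in FIELD.findall(line):
        if key == "tag":
            event["tag"].append(value)  # tag repeats, so keep every value
        else:
            event[key] = value
    return event

def summarize(event):
    """One-line triage summary: which rule fired, on what data, for which URI."""
    return (f'{event["status"]} rule {event.get("id", "?")} '
            f'({event.get("msg", "no msg")}) '
            f'data={event.get("data", "")!r} uri={event.get("uri", "")}')

if __name__ == "__main__":
    print(summarize(parse_modsec(SAMPLE)))
```

For the sample line the summary names rule 960010 and the `text/plain` content type that the policy rejected, which is the value to compare with the request's `Content-Type` header.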