xi / django-mfa3

multi factor authentication for django
MIT License

Allow http on localhost #17

Closed humphrey closed 1 year ago

humphrey commented 1 year ago

This pull request implements a custom verify_origin function as suggested in this issue. This enables using FIDO2 on localhost during development.

Why? Browsers can consider "localhost" as a secure context, and therefore browsers allow FIDO2 to operate on domains such as http://localhost or http://mysite.localhost:8080.

However, the verify_origin function in python-fido2 has a hardcoded check for "https". The above issue suggested updating python-fido2 to allow localhost, but as can be seen in the discussion, the solution was to provide a custom function.

This pull request updates django-mfa3 to provide a custom verify_origin function if DEBUG == True and DOMAIN is set to a localhost domain.
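An added illustration of the origin check this pull request describes, not code from django-mfa3 or python-fido2. The names `make_verify_origin`, `is_localhost` and `host_matches_rp_id` are hypothetical, `rp_id` and `debug` stand in for the DOMAIN and DEBUG settings, and the sample origins are constructed; a public-suffix check on the RP ID is omitted.

```python
from urllib.parse import urlparse


def is_localhost(host):
    """True for 'localhost' and names under the reserved .localhost TLD."""
    return host == "localhost" or host.endswith(".localhost")


def host_matches_rp_id(host, rp_id):
    """The origin host must equal the RP ID or be a subdomain of it."""
    return host == rp_id or host.endswith("." + rp_id)


def make_verify_origin(rp_id, debug=False):
    """Build an origin verifier for one relying party ID.

    https is accepted for any matching host. http is accepted only when
    debug is on AND the RP ID itself is a localhost name, so a production
    deployment never loosens the scheme check.
    """
    rp_id = rp_id.lower()
    allow_http = debug and is_localhost(rp_id)

    def verify_origin(origin):
        try:
            url = urlparse(origin)
            host = (url.hostname or "").lower()
        except ValueError:  # malformed origin, e.g. broken IPv6 brackets
            return False
        if not host or not host_matches_rp_id(host, rp_id):
            return False
        if url.scheme == "https":
            return True
        return allow_http and url.scheme == "http" and is_localhost(host)

    return verify_origin


if __name__ == "__main__":
    check = make_verify_origin("localhost", debug=True)
    # Constructed origins: two development hosts and one lookalike name.
    for origin in ("http://localhost:8000",
                   "https://localhost",
                   "http://localhost.evil.example"):
        print(origin, check(origin))
```

The suffix test uses a leading dot, so a lookalike host such as `localhost.evil.example` fails both the RP ID match and the localhost test.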

xi commented 1 year ago

This is great! Thanks a lot.

xi commented 1 year ago

This is now available as part of 0.11.0

humphrey commented 1 year ago

> This is now available as part of 0.11.0

Perfect! I have removed my monkey patch and updated to 0.11.0 and it works like a treat! Thank you for doing such a quick release.

I'm also in the process of encapsulating the logic of this project within a GraphQL API, so that our users can log in from a React App. It's probably outside the scope of this project, but I'm happy to share some of that code back if it's helpful to this project :)

xi commented 1 year ago

> I'm also in the process of encapsulating the logic of this project within a GraphQL API, so that our users can log in from a React App. It's probably outside the scope of this project, but I'm happy to share some of that code back if it's helpful to this project :)

I also think this is probably out of scope, but still I would be very interested, and others might be, too. So yes, it would be great if you could share that code!