mirror of https://github.com/bitwarden/browser synced 2026-01-31 00:33:33 +00:00

Move https requirement check further down as we accept http for localhost

Daniel James Smith
2026-01-15 14:37:15 +01:00
parent 7c9af9a0aa
commit bda57a578a


@@ -7,11 +7,6 @@ export function isValidRpId(rpId: string, origin: string) {
return false;
}
// The origin's scheme must be https.
if (!origin.startsWith("https://")) {
return false;
}
const parsedOrigin = parse(origin, { allowPrivateDomains: true });
const parsedRpId = parse(rpId, { allowPrivateDomains: true });
@@ -24,6 +19,11 @@ export function isValidRpId(rpId: string, origin: string) {
return true;
}
// The origin's scheme must be https.
if (!origin.startsWith("https://")) {
return false;
}
// Reject IP addresses (both must be domain names)
if (parsedRpId.isIp || parsedOrigin.isIp) {
return false;
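Review bot: With the https check moved below the early `return true;` in the second hunk, any origin that reaches that branch is now accepted with no scheme check at all, not only `http://`. The branch's condition lies outside both hunks, so going by the commit title it is presumably the localhost case; if so, it should require the parsed hostname of both rpId and origin to be exactly `localhost` and still restrict the scheme, e.g. `if (!origin.startsWith("http://") && !origin.startsWith("https://")) { return false; }` ahead of the `return true;`. The moved comment no longer describes the rule; `// Non-localhost origins must use https.` matches the new behaviour. A unit test pinning `http://localhost` as accepted and a constructed non-localhost origin such as `http://example.com` as rejected would keep the exemption from widening in later edits.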