From bda57a578a22f35bb71fc6ba9916301a8d9185ae Mon Sep 17 00:00:00 2001
From: Daniel James Smith <djsmith85@users.noreply.github.com>
Date: Thu, 15 Jan 2026 14:37:15 +0100
Subject: [PATCH] Move https requirement check further down as we accept http
 for localhost

---
 .../common/src/platform/services/fido2/domain-utils.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/libs/common/src/platform/services/fido2/domain-utils.ts b/libs/common/src/platform/services/fido2/domain-utils.ts
index 856185f1f79..32eb3d5692b 100644
--- a/libs/common/src/platform/services/fido2/domain-utils.ts
+++ b/libs/common/src/platform/services/fido2/domain-utils.ts
@@ -7,11 +7,6 @@ export function isValidRpId(rpId: string, origin: string) {
     return false;
   }
 
-  // The origin's scheme must be https.
-  if (!origin.startsWith("https://")) {
-    return false;
-  }
-
   const parsedOrigin = parse(origin, { allowPrivateDomains: true });
   const parsedRpId = parse(rpId, { allowPrivateDomains: true });
 
@@ -24,6 +19,11 @@ export function isValidRpId(rpId: string, origin: string) {
     return true;
   }
 
+  // The origin's scheme must be https.
+  if (!origin.startsWith("https://")) {
+    return false;
+  }
+
   // Reject IP addresses (both must be domain names)
   if (parsedRpId.isIp || parsedOrigin.isIp) {
     return false;