Merge pull request #18 from egregors/#16_Error-validating-origin-fix

#16: fix "can't finish registration: Error validating origin" error
egregors · Aug 8, 2024 · 6b3a2ce · 6b3a2ce
2 parents 899d4b6 + 84d892b
commit 6b3a2ce
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 68 deletions.
diff --git a/README.md b/README.md
@@ -94,73 +94,76 @@ type SessionStore interface {
 package main
 
 import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/egregors/passkey"
-	"github.com/go-webauthn/webauthn/webauthn"
+  "fmt"
+  "html/template"
+  "net/http"
+  "net/url"
+  "time"
+
+  "github.com/egregors/passkey"
+  "github.com/go-webauthn/webauthn/webauthn"
 )
 
-func main() {
-	proto := "http"
-	host := "localhost"
-	port := ":8080"
-	origin := fmt.Sprintf("%s://%s%s", proto, host, port)
-
-	storage := NewStorage()
-
-	pkey, err := passkey.New(
-		passkey.Config{
-			WebauthnConfig: &webauthn.Config{
-				RPDisplayName: "Passkey Example", // Display Name for your site
-				RPID:          host,              // Generally the FQDN for your site
-				RPOrigins:     []string{origin},  // The origin URLs allowed for WebAuthn
-			},
-			UserStore:     storage,
-			SessionStore:  storage,
-			SessionMaxAge: 24 * time.Hour,
-		},
-		passkey.WithLogger(NewLogger()),
-		passkey.WithCookieMaxAge(60*time.Minute),
-		passkey.WithInsecureCookie(), // In order to support Safari on localhost. Do not use in production.
-	)
-	if err != nil {
-		panic(err)
-	}
-
-	mux := http.NewServeMux()
-
-	// mount the passkey routes
-	pkey.MountRoutes(mux, "/api/")
-	pkey.MountStaticRoutes(mux, "/static/")
-
-	// public routes
-	mux.Handle("/", http.FileServer(http.Dir("./_example/web")))
-	mux.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
-		pkey.Logout(w, r)
-		http.Redirect(w, r, "/", http.StatusSeeOther)
-	})
-
-	// private routes
-	privateMux := http.NewServeMux()
-	privateMux.HandleFunc("/", privateHandler())
+const userKey = "pkUser"
 
-	// wrap the privateMux with the Auth middleware
-	withAuth := pkey.Auth(
-		userKey,
-		nil,
-		passkey.RedirectUnauthorized(url.URL{Path: "/"}),
-	)
-	mux.Handle("/private", withAuth(privateMux))
-
-	// start the server
-	fmt.Printf("Listening on %s\n", origin)
-	if err := http.ListenAndServe(port, mux); err != nil {
-		panic(err)
-	}
-}
+func main() {
+  proto := "http"     // "http" | "https"
+  sub := ""           // "" | "login."
+  host := "localhost" // "localhost" | "example.com"
+  port := ":8080"     // port needs only for starting the server, WebauthnConfig.RPOrigins should not contain port
+  origin := fmt.Sprintf("%s://%s%s", proto, sub, host)
+
+  storage := NewStorage()
+
+  pkey, err := passkey.New(
+    passkey.Config{
+      WebauthnConfig: &webauthn.Config{
+        RPDisplayName: "Passkey Example", // Display Name for your site
+        RPID:          host,              // Generally the FQDN for your site
+        RPOrigins:     []string{origin},  // The origin URLs allowed for WebAuthn
+      },
+      UserStore:     storage,
+      SessionStore:  storage,
+      SessionMaxAge: 24 * time.Hour,
+    },
+    passkey.WithLogger(NewLogger()),
+    passkey.WithCookieMaxAge(60*time.Minute),
+    passkey.WithInsecureCookie(), // In order to support Safari on localhost. Do not use in production.
+  )
+  if err != nil {
+    panic(err)
+  }
+
+  mux := http.NewServeMux()
+
+  // mount the passkey routes
+  pkey.MountRoutes(mux, "/api/")
+  pkey.MountStaticRoutes(mux, "/static/")
+
+  // public routes
+  mux.Handle("/", http.FileServer(http.Dir("./_example/web")))
+  mux.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
+    pkey.Logout(w, r)
+    http.Redirect(w, r, "/", http.StatusSeeOther)
+  })
+
+  // private routes
+  privateMux := http.NewServeMux()
+  privateMux.HandleFunc("/", privateHandler())
+
+  // wrap the privateMux with the Auth middleware
+  withAuth := pkey.Auth(
+    userKey,
+    nil,
+    passkey.RedirectUnauthorized(url.URL{Path: "/"}),
+  )
+  mux.Handle("/private", withAuth(privateMux))
+
+  // start the server
+  fmt.Printf("Listening on %s\n", origin)
+  if err := http.ListenAndServe(port, mux); err != nil {
+    panic(err)
+  }
 
 ```
 

diff --git a/_example/main.go b/_example/main.go
@@ -14,10 +14,11 @@ import (
 const userKey = "pkUser"
 
 func main() {
-	proto := "http"
-	host := "localhost"
-	port := ":8080"
-	origin := fmt.Sprintf("%s://%s%s", proto, host, port)
+	proto := "http"     // "http" | "https"
+	sub := ""           // "" | "login."
+	host := "localhost" // "localhost" | "example.com"
+	port := ":8080"     // port needs only for starting the server, WebauthnConfig.RPOrigins should not contain port
+	origin := fmt.Sprintf("%s://%s%s", proto, sub, host)
 
 	storage := NewStorage()