fix: support port 8443 origin for WebAuthn passkeys and CORS
This commit is contained in:
@@ -30,10 +30,10 @@ TELEGRAM_CHAT_ID = os.environ.get("TELEGRAM_CHAT_ID", "")
|
|||||||
TELEGRAM_PROXY = os.environ.get("TELEGRAM_PROXY", "")
|
TELEGRAM_PROXY = os.environ.get("TELEGRAM_PROXY", "")
|
||||||
|
|
||||||
WEBAUTHN_RP_ID = os.environ.get("WEBAUTHN_RP_ID", "nas.jimmygan.com")
|
WEBAUTHN_RP_ID = os.environ.get("WEBAUTHN_RP_ID", "nas.jimmygan.com")
|
||||||
WEBAUTHN_ORIGIN = os.environ.get("WEBAUTHN_ORIGIN", "https://nas.jimmygan.com")
|
WEBAUTHN_ORIGINS = os.environ.get("WEBAUTHN_ORIGIN", "https://nas.jimmygan.com,https://nas.jimmygan.com:8443").split(",")
|
||||||
|
|
||||||
# CORS
|
# CORS
|
||||||
CORS_ORIGINS = os.environ.get("CORS_ORIGINS", "https://nas.jimmygan.com").split(",")
|
CORS_ORIGINS = os.environ.get("CORS_ORIGINS", "https://nas.jimmygan.com,https://nas.jimmygan.com:8443").split(",")
|
||||||
|
|
||||||
# OpenClaw
|
# OpenClaw
|
||||||
OPENCLAW_GATEWAY_TOKEN = os.environ.get("OPENCLAW_GATEWAY_TOKEN", "")
|
OPENCLAW_GATEWAY_TOKEN = os.environ.get("OPENCLAW_GATEWAY_TOKEN", "")
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ async def security_headers(request: Request, call_next):
|
|||||||
response.headers["X-Frame-Options"] = "DENY"
|
response.headers["X-Frame-Options"] = "DENY"
|
||||||
response.headers["X-XSS-Protection"] = "1; mode=block"
|
response.headers["X-XSS-Protection"] = "1; mode=block"
|
||||||
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
|
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
|
||||||
response.headers["Content-Security-Policy"] = "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss://nas.jimmygan.com; frame-ancestors 'none'"
|
response.headers["Content-Security-Policy"] = "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss://nas.jimmygan.com wss://nas.jimmygan.com:8443; frame-ancestors 'none'"
|
||||||
return response
|
return response
|
||||||
|
|
||||||
# Audit logger
|
# Audit logger
|
||||||
|
|||||||
@@ -203,7 +203,7 @@ async def passkey_register_verify(request: Request, current_user: str = Depends(
|
|||||||
credential=body,
|
credential=body,
|
||||||
expected_challenge=challenge,
|
expected_challenge=challenge,
|
||||||
expected_rp_id=config.WEBAUTHN_RP_ID,
|
expected_rp_id=config.WEBAUTHN_RP_ID,
|
||||||
expected_origin=config.WEBAUTHN_ORIGIN,
|
expected_origin=config.WEBAUTHN_ORIGINS,
|
||||||
)
|
)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
raise HTTPException(status_code=400, detail=str(e))
|
raise HTTPException(status_code=400, detail=str(e))
|
||||||
@@ -244,7 +244,7 @@ async def passkey_login_verify(request: Request):
|
|||||||
credential=body,
|
credential=body,
|
||||||
expected_challenge=challenge,
|
expected_challenge=challenge,
|
||||||
expected_rp_id=config.WEBAUTHN_RP_ID,
|
expected_rp_id=config.WEBAUTHN_RP_ID,
|
||||||
expected_origin=config.WEBAUTHN_ORIGIN,
|
expected_origin=config.WEBAUTHN_ORIGINS,
|
||||||
credential_public_key=base64url_to_bytes(matched["public_key"]),
|
credential_public_key=base64url_to_bytes(matched["public_key"]),
|
||||||
credential_current_sign_count=matched["sign_count"],
|
credential_current_sign_count=matched["sign_count"],
|
||||||
)
|
)
|
||||||
|
|||||||
Reference in New Issue
Block a user