Register a new FIDO2 Authenticator - The request is insecure #141
Comments
The FIDO protocol requires the connection to be secured using HTTPS: https://timonweb.com/django/https-django-development-server-ssl-certificate/ After having this done, I could get registration working fine, so I don't know why it wouldn't work for you. You can try to use the Chrome developer console to see if the AJAX request was done in http or https.
I followed these instructions to create locally trusted certs and it seems to work, so my connection should be secured using https. I think my problem is a network issue. I am using docker-compose with an nginx server, a Django server, and Postgres. I'm using an nginx reverse proxy, so I think (am unsure) I cannot use your link, since I don't need the Django server to serve https since nginx makes sure everything to the client is served in https.
In the network tab after clicking register I can see a request is made to Maybe related to #88?
Not sure if this is the correct fix but it appears to work now. I changed my nginx config so that it uses the same hostname when connecting to Django, so now Django uses that address in the document it sends to the browser to request a new key. I had further problems that were similarly fixed by making sure my React frontend was not running on https://localhost:3000 (doesn't matter if it is https, didn't work) and deploying it with nginx so that it runs on the same domain as Django. So basically: same domain all the things and it works.
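The hostname mismatch described in the comment above, as an added example that is not part of the thread or the project's code: a simplified model of the WebAuthn rule that the relying party ID must match the HTTPS origin the browser is on. It assumes the backend derives the RP ID from the `Host` header it receives; the function names and the `app.example.test` / `django:8000` hosts are constructed, and the public-suffix and localhost special cases are left out.

```python
from urllib.parse import urlsplit


def backend_host(host_header: str) -> str:
    """Hostname the backend sees, with any port stripped.

    Assumption: the RP ID sent to the browser is derived from this value.
    """
    return urlsplit("//" + host_header).hostname or ""


def rp_id_allowed(origin: str, rp_id: str) -> bool:
    """Simplified WebAuthn check: the origin must be HTTPS and the RP ID
    must equal the origin's host or be a parent domain of it."""
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower()
    if parts.scheme != "https" or not host or not rp_id:
        return False
    return host == rp_id or host.endswith("." + rp_id)


def diagnose(browser_origin: str, host_header_at_backend: str):
    """Return (rp_id the backend would use, whether the browser accepts it)."""
    rp_id = backend_host(host_header_at_backend)
    return rp_id, rp_id_allowed(browser_origin, rp_id)


# Constructed scenarios: (origin in the browser, Host header reaching the backend)
SCENARIOS = {
    # nginx's default proxied Host is the upstream name, not the public one
    "proxy rewrites Host": ("https://app.example.test", "django:8000"),
    # proxy passes the original Host through to the backend
    "proxy forwards Host": ("https://app.example.test", "app.example.test"),
    # frontend served from a different origin than the backend's hostname
    "frontend elsewhere": ("https://localhost:3000", "app.example.test"),
    # hostnames agree but the page was loaded over plain HTTP
    "plain http": ("http://app.example.test", "app.example.test"),
}


def run_scenarios():
    return {name: diagnose(*args) for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (rp_id, ok) in run_scenarios().items():
        print(f"{name:22} rp_id={rp_id:18} accepted={ok}")
```

Only the scenario where the proxy forwards the public hostname passes, which matches the "same domain all the things" outcome reported above.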
After authenticating and logging in a user using `django.contrib.auth` I try to register via the `/registration/` endpoint. No matter what I do I am always met with a `The request is insecure.`
I figured the cause might be because I wasn't on HTTPS at first, but after updating that and making sure my CA certificates are valid I still have the same issue.
What else might be causing this issue?