Skip to content
This repository has been archived by the owner on Apr 11, 2024. It is now read-only.

Incorrect test for Web Authentication (FIDO 2) #553

Open
padraig-ohiceadha opened this issue Oct 18, 2018 · 0 comments · May be fixed by #559
Open

Incorrect test for Web Authentication (FIDO 2) #553

padraig-ohiceadha opened this issue Oct 18, 2018 · 0 comments · May be fixed by #559

Comments

@padraig-ohiceadha
Copy link

padraig-ohiceadha commented Oct 18, 2018
edited
Loading

I believe that the correct way to detect support for Web Authentication is to check for support of Credential Management, but then as not all implementations of Credential Management will support publicKey then check for that also.

I think the test for support for the final specification should be:
'credentials' in navigator && 'PublicKeyCredential' in window

Also this test will fail if the page isn't loaded via https. The HTML5Test site allows itself to be loaded over http. It would help if a Content-Security-Policy header were added to request the browser to load the page over https if they originally request it over http.

e.g.

Content-Security-Policy: upgrade-insecure-requests;
Strict-Transport-Security: max-age=31536000; includeSubDomains
@AVGP AVGP linked a pull request Aug 9, 2019 that will close this issue
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes webauthn detection AVGP/html5test
2 participants
@padraig-ohiceadha and others