The demo doesn't seems to work with last versions of Chrome and Firefox

[Natim]

On chrome : user.icon must be a secure URL.

On Firefox: undefined

[Natim]

For Chrome I pushed b28e8e9 that fixes the first issue.

[justinmayer]

Thank you, Rémy, for documenting this and fixing the issue with Chrome. I wasn't able to reproduce the Firefox problem you encountered; I tested current master with two different computing environments:

• Firefox 81.0.1 on macOS 10.14.6 with YubiKey FIDO U2F Security Key
• Firefox 80.0.1 on macOS 10.13.6 with YubiKey 4C Nano

In my testing, I was able to add the above devices and then use them to log in. That said, both of the above security keys are from 2016/2017 and thus only support FIDO / U2F — not FIDO2 / WebAuthn. So it's possible that is the reason why I can't reproduce the error. (In order to get a more up-to-date key, I have ordered a new Solo Tap USB-C key as part of a DiceKeys bundle, but I won't receive it until 2021.)

I don't know whether it's helpful, but while poking around I came across SoloKeys' fido2-tests project. Just thought I'd mention it since I hadn't seen that project before.

[christophbeberweil]

Hi @justinmayer, thak you for this awesome library.

I observe the issue not only in Firefox, but in Brave(based on Chrome) as well.

Firefox:

Brave:

I tested with a recent Yubikey (5C NFC), so maybe it is a problem based on the Yubikey in use?

I also observed that the POST request that is supposed to be made by getCredentialCreateOptionsFromServer in webauthn.js is never made. I think the problem in my case might be that something with the setup is wrong.

If you have any idea what might be the cause of the problem I would happily create a pull request if I am able to solve the problem.

Thanks :)

OS Ubuntu 22.04.01
Python 3.11
Django 4.1.3
Kagi 0.3.0
Yubikey 5C NFC
Firefox: 102.5.0esr (64-bit)
Brave: Version 1.46.134 Chromium: 108.0.5359.94 (Official Build) (64-bit)