Direct attestation with Webauthn in Safari - reactjs

I am creating a React app and am using Webauthn to use device biometrics for authentication.
My implementation works perfectly in Chrome; however, I get an alert saying 'The operation can't be completed' on Safari or any iOS device.
The error disappears when I set my attestation to 'none'; however, I need to use direct attestation for this app.
Has anyone experienced this issue before and managed to resolve it?
Thank you

That's a limitation of WebAuthn in Safari unfortunately. Apple confirmed that when they launch passkeys officially in macOS Ventura and iOS 16 they won't support direct attestation either. Whether this means "direct" attestation will return no attestation, or error out instead as it currently does, is still TBD till they officially launch.
For now you'll have to decide to support use of Safari or not. You can either browser detect via user agent to request "none" attestation in Safari, or keep it "direct" and just not allow users to use Safari.
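
The user-agent switch described in the answer above, as an added example (not code from the original posts): it requests "none" where WebAuthn runs on WebKit and "direct" elsewhere. The function names, the platform-authenticator settings and the sample user-agent strings are assumptions made for the illustration.

```javascript
// Added example. Function names and sample values are hypothetical.

// True where WebAuthn runs on WebKit: Safari on macOS and every browser on
// iOS/iPadOS (Chrome, Firefox and Edge for iOS all sit on WebKit).
function isWebKitWebAuthn(userAgent) {
  const ua = String(userAgent || "");
  if (/\b(iPhone|iPad|iPod)\b/.test(ua)) return true;
  // Chromium browsers also send a "Safari/" token, so rule them out first.
  const isChromium = /\b(Chrome|Chromium|Edg|OPR)\//.test(ua);
  return /\bSafari\//.test(ua) && !isChromium;
}

// Build the argument for navigator.credentials.create(). The challenge, rp
// and user values come from the relying party's server.
function buildCreationOptions(userAgent, { challenge, rp, user }) {
  return {
    publicKey: {
      challenge,
      rp,
      user,
      pubKeyCredParams: [
        { type: "public-key", alg: -7 },   // ES256
        { type: "public-key", alg: -257 }, // RS256
      ],
      // Assumption: built-in biometrics, as in the question.
      authenticatorSelection: {
        authenticatorAttachment: "platform",
        userVerification: "required",
      },
      attestation: isWebKitWebAuthn(userAgent) ? "none" : "direct",
    },
  };
}

// Constructed user-agent strings for the demonstration.
const SAMPLE_UAS = {
  safariMac: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15",
  chromeMac: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36",
  chromeIos: "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/105.0.0.0 Mobile/15E148 Safari/604.1",
  firefoxLinux: "Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0",
};

// In the browser:
//   const cred = await navigator.credentials.create(
//     buildCreationOptions(navigator.userAgent, { challenge, rp, user }));
```

The user agent is client-controlled, so the server still has to apply its own policy to the attestation format each registration actually returns.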

Related

React UI does not make a request to an API on Android device but it does it in Linux

I am writing an app in React in order to make a beautiful UI for my API. When I run it in Arch Linux's Firefox it works well. However, when I run it on my Android device, it seems like the initial API call (inside the useEffect of the App.js) is not done, neither in Firefox nor in Chrome.
I am serving the app on the computer and then opening it with my local IP address (not localhost, obviously) on my phone.
Does anyone know why that isn't working on the phone even though it is working on my Linux machine?
The source code (of the UI and of the API) is in my Github (https://github.com/ToniIvars/Localdrive).
Thank you in advance.

I suffered a similar problem recently; it may relate to an unreachable IP address or some security problem.
I recommend using the Chrome remote debug tool to make everything clear. In short, that's how to do that:
First, turn on debug mode on your phone and connect it to the PC with adb debugging enabled
Open Chrome on your phone
Open Chrome on your PC, go to 'chrome://inspect#devices'
Wait for a second and you should see your device, click inspect on it
Soon you can find out what causes the problem
Here's a full tutorial: https://developer.chrome.com/docs/devtools/remote-debugging/

Webcam not working on Production, not showing permits popup

I have a project using React with a WebCam component that works perfectly in all browsers locally, but when tested on a server, it doesn't show the permits pop-up to allow the use of the camera.
I don't think the code is the problem. Instead, some security on the browsers. I tried to give permissions directly to the site on Chrome and I can't change it. And it is not blocked on either browser.
Some other considerations:
I haven't installed any SSL certificate; it is just a small testing server to play with, so I wasn't thinking of installing one for the moment.
Could this be the problem?

The getUserMedia API requires you to serve the page over HTTPS (or on localhost). So if you haven’t set that up, that is why it’s not working in production.
See the Security section of this documentation for more details: https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia#security

Angular crashes chrome on a local machine - maybe an ui-router issue?

I am experiencing a strange issue with AngularJS on a local (Windows) environment. I use two bootstrap frameworks built with Angular (homer and neuboard). When I run the template (both!) in its AngularJS version locally on Windows, Chrome freezes completely and causes huge CPU activity. Firefox, on the other hand, works fine.
When I upload the same files (distributed template, now compilation necessary) to my server, both Chrome and Firefox are working fine!
Has anybody experienced something like that or has a clue what's causing this?
I have one: Both use Angular's ui-router. Maybe Chrome has in this case a problem with resolving/routing the URL, if it starts with file:///C:/...?
Kind regards,
Nico

I would try to check the dev tools in the browser. Check for errors and also the Network tab (https://developers.google.com/web/tools/chrome-devtools/)
You can precisely tell which operation took too long.
I sometimes had issues with cross-referencing on a local machine which is only an issue on some browsers (normally a useful security measure). There is a plugin to turn this off, if that is the error.

This issue is caused by Chrome's web security itself. By default Chrome doesn't allow HTTP requests from cross origins from other protocols than http, https, data, chrome and so on - but not from file:///
According to this question: Allow Google Chrome to use XMLHttpRequest to load a URL from a local file
I started Chrome without Web Security and everything works fine!

Facebook Test User and iOS6 OS Integration

I'd like to use my Facebook test users (which can be used in a browser, and the username/password are working correctly) in my iPhone Simulator and on the iPhone itself to try posting from an application. If I try to register the Facebook test account in iOS6 Settings, I get an error:
Could not communicate with the server
This error is different from the wrong username/password one and seems to work for almost 30 seconds before the error pops up. (The login via Mobile Safari works flawlessly.)
Any ideas what I should try to get iOS6 to work with my FaceBook test user?
Best regards
A.Steinel

Chrome Extension: retrieve AD credentials from session to auto-login on Wordpress

I need to create a Chrome extension that will allow us to get the user's credentials so that he will be automatically logged into the intranet (heavily-modified WordPress).
I know for sure that Firefox can access Registry and AD credentials, but with the erratic updates and extensions that are constantly disabled by those, we can't afford to manually check every time firefox has an update.
I've searched on Google and so far I haven't found any answer. I've checked on Google labs and also on the Chrome extension store to see if there was a similar extension, but I found nothing either.
I've seen ADM released by chrome but this is for network administrators who want to centralize settings.
Does anyone have a clue on this?

This is not well documented, but after some research I found that this capability is built into Chrome. All you need to do is add the WordPress site to the "Intranet" zone on a Windows PC.
The setting is accessible from Chrome (even though it is a Windows setting):
Settings/Advanced/Change Proxy Settings/Security/Local Intranet/Sites
