Fix the ability to fake same-origin in passkeys (#2849)
parent
f66bf40287
commit
8b71dbc30f
2 changed files with 10 additions and 14 deletions
|
|
@ -63,6 +63,14 @@ const enablePasskeys = async function() {
|
|||
}
|
||||
};
|
||||
|
||||
const isSameOriginWithAncestors = function () {
|
||||
try {
|
||||
return window.origin === window.top.origin;
|
||||
} catch (_err) {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
document.addEventListener('kpxc-passkeys-request', async (ev) => {
|
||||
if (!window.isSecureContext) {
|
||||
kpxcUI.createNotification('error', tr('errorMessagePasskeysContextIsNotSecure'));
|
||||
|
|
@ -72,14 +80,14 @@ const enablePasskeys = async function() {
|
|||
if (ev.detail.action === 'passkeys_create') {
|
||||
const publicKey = kpxcPasskeysUtils.buildCredentialCreationOptions(
|
||||
ev.detail.publicKey,
|
||||
ev.detail.sameOriginWithAncestors,
|
||||
isSameOriginWithAncestors(),
|
||||
);
|
||||
passkeysLogDebug('Passkey request', publicKey);
|
||||
await sendResponse('passkeys_register', publicKey);
|
||||
} else if (ev.detail.action === 'passkeys_get') {
|
||||
const publicKey = kpxcPasskeysUtils.buildCredentialRequestOptions(
|
||||
ev.detail.publicKey,
|
||||
ev.detail.sameOriginWithAncestors,
|
||||
isSameOriginWithAncestors(),
|
||||
);
|
||||
passkeysLogDebug('Passkey request', publicKey);
|
||||
await sendResponse('passkeys_get', publicKey);
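Review bot: The new `isSameOriginWithAncestors` in the first hunk compares the frame only with `window.top`, so a frame nested as A → B → A (same origin as the top document but embedded through a cross-origin intermediate frame) would still report `true`, whereas WebAuthn's sameOriginWithAncestors is meant to hold only when every ancestor is same-origin. Walking the `parent` chain up to `window.top` and comparing each ancestor's origin closes that gap; a cross-origin ancestor throws on `.origin` access and lands in the existing `catch`. This assumes the value is consumed downstream as the WebAuthn flag, which the bodies of `buildCredentialCreationOptions` and `buildCredentialRequestOptions` are not visible here to confirm. A one-line comment on the helper stating that the value must be computed in the content script because `ev.detail` is page-controlled would also keep a later refactor from moving it back.

```javascript
const isSameOriginWithAncestors = function () {
    try {
        // Check every ancestor, not just the top-level document.
        for (let frame = window; frame !== window.top; frame = frame.parent) {
            if (frame.parent.origin !== window.origin) {
                return false;
            }
        }
        return true;
    } catch (_err) {
        return false;
    }
};
```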
|
||||
|
|
|
|||
|
|
@ -137,14 +137,6 @@
|
|||
});
|
||||
};
|
||||
|
||||
const isSameOriginWithAncestors = function() {
|
||||
try {
|
||||
return window.self.origin === window.top.origin;
|
||||
} catch (_err) {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
// Throws errors to a correct exceptions
|
||||
const throwError = function(errorCode, errorMessage) {
|
||||
if ((!errorCode && !errorMessage) || errorCode === PASSKEYS_REQUEST_CANCELED) {
|
||||
|
|
@ -193,11 +185,9 @@
|
|||
return null;
|
||||
}
|
||||
|
||||
const sameOriginWithAncestors = isSameOriginWithAncestors();
|
||||
const response = await postMessageToExtension({
|
||||
action: 'passkeys_create',
|
||||
publicKey: options.publicKey,
|
||||
sameOriginWithAncestors: sameOriginWithAncestors,
|
||||
});
|
||||
|
||||
if (!response.publicKey) {
|
||||
|
|
@ -218,11 +208,9 @@
|
|||
return originalCredentials.get(options);
|
||||
}
|
||||
|
||||
const sameOriginWithAncestors = isSameOriginWithAncestors();
|
||||
const response = await postMessageToExtension({
|
||||
action: 'passkeys_get',
|
||||
publicKey: options.publicKey,
|
||||
sameOriginWithAncestors: sameOriginWithAncestors,
|
||||
});
|
||||
|
||||
if (!response.publicKey) {
|
||||
|
|
|
|||