From 667c516a0076401c115ae6177632b04e8552c8e3 Mon Sep 17 00:00:00 2001
From: Daniel Seifert <ds@shopmodule.com>
Date: Fri, 28 Oct 2022 15:02:28 +0200
Subject: [PATCH] allow webAuthn when server is localhost

---
 src/Application/Model/Webauthn.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/Application/Model/Webauthn.php b/src/Application/Model/Webauthn.php
index 636c75c..cd32090 100644
--- a/src/Application/Model/Webauthn.php
+++ b/src/Application/Model/Webauthn.php
@@ -24,11 +24,10 @@ class Webauthn
 
     public function isAvailable()
     {
-        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
-            return true;
-        }
-        if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ||
-            !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on'
+        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ||       // is HTTPS
+            !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ||
+            !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on' ||
+            in_array($_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1'])         // is localhost
         ) {
             return true;
         }