allow webAuthn when server is localhost

2022-10-28 15:02:28 +02:00 · 2022-10-28 15:02:28 +02:00 · 667c516a00
commit 667c516a00
parent 71a1f8e53b
1 changed files with 4 additions and 5 deletions
--- a/src/Application/Model/Webauthn.php
+++ b/src/Application/Model/Webauthn.php
@ -24,11 +24,10 @@ class Webauthn
    public function isAvailable()
    {
-        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ||       // is HTTPS
-            return true;
+            !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ||
-        }
+            !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on' ||
-        if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ||
+            in_array($_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1'])         // is localhost
            !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on'
        ) {
            return true;
        }