Merge pull request #30 from deibertf/1.x

Update webauthn.js to prevent wrong request urls
Laragear · Feb 16, 2023 · 2e420ba · 2e420ba
2 parents 3291c57 + 73502ce
commit 2e420ba
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/resources/js/webauthn.js b/resources/js/webauthn.js
@@ -156,7 +156,9 @@ class WebAuthn {
      * @returns {Promise<Response>}
      */
     #fetch(data, route, headers = {}) {
-        return fetch(route, {
+        const url = new URL(route, window.location.origin).href;
+
+        return fetch(url, {
             method: "POST",
             credentials: this.#includeCredentials ? "include" : "same-origin",
             redirect: "error",
@@ -313,6 +315,7 @@ class WebAuthn {
         const publicKeyCredential = this.#parseOutgoingCredentials(credentials);
 
         Object.assign(publicKeyCredential, response);
+        Object.assign(publicKeyCredential, request);
 
         return await this.#fetch(publicKeyCredential, this.#routes.register).then(WebAuthn.#handleResponse);
     }