From ea1a02bd7d0bbc84291cf3a647fa13bc5b599522 Mon Sep 17 00:00:00 2001
From: El-Virus <36414402+El-Virus@users.noreply.github.com>
Date: Sun, 26 Dec 2021 17:11:06 +0100
Subject: [PATCH] Fix "The operation is insecure." when trying to register
 fido2 device.

navigator.credentials.create(); Doesn't accept a port in the "id" parameter. So, when trying to register a fido2 device via WebAuthn throws: "The operation is insecure." on firefox and "The relying party ID is not a registrable domain suffix of, nor equal to the current domain." on Chrome or Edge.
This commit replaces `$_SERVER['HTTP_HOST']` with `$_SERVER['SERVER_NAME']` when initializing `$WebAuthn` which excludes the port to formulate correct requests.
Now Mailcow allows the registration of fido2 devices when running in a non-standard port(eg. 443).
---
 data/web/inc/prerequisites.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index a5eb2c80..95a9c63b 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -60,7 +60,7 @@ $tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL, 6, 30, 'sha1', $qrprovider);
 
 // FIDO2
 $formats = $GLOBALS['FIDO2_FORMATS'];
-$WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats);
+$WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['SERVER_NAME'], $formats);
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/solo.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/apple.pem');
 $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/nitro.pem');