Skip to content

Fix WebAuthn error checking#36219

Merged
lafriks merged 6 commits intogo-gitea:mainfrom
silverwind:webautherr
Dec 21, 2025
Merged

Fix WebAuthn error checking#36219
lafriks merged 6 commits intogo-gitea:mainfrom
silverwind:webautherr

Conversation

@silverwind
Copy link
Copy Markdown
Member

@silverwind silverwind commented Dec 20, 2025
edited
Loading

Fixes: #36216

Now detectWebAuthnSupport returns the error type and lets the caller decide whether they call webAuthnError and show the error. It no longer shows the error during page load when the user has not even interacted with the feature.

The bug affects all users on HTTP, so I think a quick fix release for this might be good.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Dec 20, 2025
@silverwind silverwind mentioned this pull request Dec 20, 2025
Closed
@silverwind
Copy link
Copy Markdown
Member Author

silverwind commented Dec 20, 2025
edited
Loading

I have tested and passkey login still works. Errors also display as expected when I do not provide a passkey.

@silverwind silverwind added the backport/v1.25 This PR should be backported to Gitea 1.25 label Dec 20, 2025
@silverwind silverwind mentioned this pull request Dec 20, 2025
Merged
@silverwind silverwind changed the title Fix webauthn error checking Fix WebAuthn error checking Dec 20, 2025
delvh
delvh approved these changes Dec 20, 2025
View reviewed changes
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Dec 20, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 21, 2025
@lafriks lafriks enabled auto-merge (squash) December 21, 2025 18:23
@lafriks lafriks merged commit 60de6ce into go-gitea:main Dec 21, 2025
24 checks passed
@GiteaBot GiteaBot added this to the 1.26.0 milestone Dec 21, 2025
zjjhot added a commit to zjjhot/gitea that referenced this pull request Dec 22, 2025
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
1174c86 
* giteaofficial/main:
  Fix WebAuthn error checking (go-gitea#36219)
  [skip ci] Updated translations via Crowdin
  refactor: extract helper functions from SearchIssues (go-gitea#36158)
  [skip ci] Updated translations via Crowdin
  Revert "[skip ci] Updated translations via Crowdin"
  Closed milestones with no issues now show as 100% completed (go-gitea#36220)
  Show edit page confirmation dialog on tree view file change (go-gitea#36130)
  Fix regression in writing authorized principals (go-gitea#36213)
  [skip ci] Updated translations via Crowdin
  Convert locale files from ini to json format (go-gitea#35489)
  Bump crowdin/github-action from 1 to 2 (go-gitea#36204)
  Bump appleboy/git-push-action from 0.0.3 to 1.0.0 (go-gitea#36194)
  Fix labeler config for stylelint (go-gitea#36199)
  Add `modifies/dependencies` label to dependabot (go-gitea#36206)
  Add date to "No Contributions" tooltip (go-gitea#36190)
  Revert "Bump alpine to 3.23 (go-gitea#36185)" (go-gitea#36202)
@GiteaBot
Copy link
Copy Markdown
Collaborator

GiteaBot commented Dec 22, 2025

I was unable to create a backport for 1.25. @silverwind, please send one manually. 🍵

go run ./contrib/backport 36219
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label Dec 22, 2025
@silverwind silverwind deleted the webautherr branch December 23, 2025 17:17
silverwind added a commit to silverwind/gitea that referenced this pull request Dec 23, 2025
@silverwind
Fix WebAuthn error checking (go-gitea#36219)
5a0564b 
Fixes: go-gitea#36216

Now `detectWebAuthnSupport` returns the error type and lets the caller
decide whether they call `webAuthnError` and show the error. It no
longer shows the error during page load when the user has not even
interacted with the feature.

The bug affects all users on HTTP, so I think a quick fix release for
this might be good.
@silverwind silverwind mentioned this pull request Dec 23, 2025
Merged
@lunny lunny added the backport/done All backports for this PR have been created label Dec 26, 2025
silverwind added a commit that referenced this pull request Jan 6, 2026
@silverwind
Fix WebAuthn error checking (#36219) (#36235)
39e83bd 
Backport of #36219
Fixes: #36216

Now `detectWebAuthnSupport` returns the error type and lets the caller
decide whether they call `webAuthnError` and show the error. It no
longer shows the error during page load when the user has not even
interacted with the feature.

The bug affects all users on HTTP, so I think a quick fix release for
this might be good.
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Mar 21, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lafriks lafriks lafriks approved these changes

@delvh delvh delvh approved these changes

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created backport/manual No power to the bots! Create your backport yourself! backport/v1.25 This PR should be backported to Gitea 1.25 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/frontend type/bug

Projects

None yet

Milestone

1.26.0

Development

Successfully merging this pull request may close these issues.

WebAuthn failure on HTTP instance with a custom domain (again)

5 participants

@silverwind @GiteaBot @lafriks @delvh @lunny