🐛 Bug Report: Error #01: Error validating origin #354

Closed
opened 2025-10-08 00:04:47 +03:00 by OVERLORD · 2 comments
Originally created by @Giotto88 on GitHub.

Reproduction steps

Installed with Docker Compose on Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-1071-raspi aarch64).
The reverse proxy runs with Caddy installed natively on the system; a wildcard SSL certificate was imported manually.
The domain has an A record pointing to the local IP of the machine.

(container :3000/http:80) <--> (caddy :443) <--> (Browser)

Go to domain.com/login/setup
Add passkey

The error persists on iPad, Brave (win) and Edge (win). The error persists with both the 1Password and Bitwarden extensions (the key is created correctly in the password manager, but the server throws an exception).

Similar issue and solution

  • Correct protocol in the env conf ( #39 , #126 )
  • Correct port in the env conf ( #86 )

Expected behavior

Add passkey success!

Actual Behavior

Something went wrong

Version and Environment

Powered by Pocket ID (0.31.0)
Docker compose:

```
version: "3.8"
services:
  pocket-id:
    image: ghcr.io/pocket-id/pocket-id
    restart: unless-stopped
    env_file: .env
    ports:
      - 3000:80
    volumes:
      - ./data:/app/backend/data
```

Environment Variables:

```
TRUST_PROXY=true
PUBLIC_APP_URL=https://auth*****.********.online/
PUID=1000
PGID=1003
```

CaddyFile:

```
auth***.*******.online {
        tls /etc/caddy/caddy_ssl/domain.cert.pem /etc/caddy/caddy_ssl/private.key.pem
        reverse_proxy http://192.168.1.50:3000
}
```

DNS conf:
A | auth****.*********.online | 192.168.1.50 | 600

Log Output

Docker log:

```
[GIN] 2025/02/13 - 14:52:55 | 200 |  465.667516ms |      172.17.0.2 | POST     "/api/one-time-access-token/setup"
[GIN] 2025/02/13 - 14:52:55 | 200 |  465.800641ms |      172.17.0.2 | POST     "/api/one-time-access-token/setup"
[GIN] 2025/02/13 - 14:52:55 | 200 |    4.422531ms |             ::1 | GET      "/api/users/me"
[GIN] 2025/02/13 - 14:52:55 | 200 |     4.61529ms |             ::1 | GET      "/api/users/me"
[GIN] 2025/02/13 - 14:52:55 | 200 |    2.689049ms |             ::1 | GET      "/api/webauthn/credentials"
[GIN] 2025/02/13 - 14:52:55 | 200 |    2.846601ms |             ::1 | GET      "/api/webauthn/credentials"
[GIN] 2025/02/13 - 14:52:58 | 200 |  452.520444ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:52:58 | 200 |  452.701693ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:53:26 | 200 |  467.355618ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:53:26 | 200 |  467.642908ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:53:53 | 200 |  445.657953ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:53:53 | 200 |  445.856545ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:54:04 | 200 |  456.712112ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:54:04 | 200 |  456.907841ms |      172.17.0.2 | GET      "/api/webauthn/register/start"
[GIN] 2025/02/13 - 14:54:04 | 500 |    6.712675ms |      172.17.0.2 | POST     "/api/webauthn/register/finish"
Error #01: Error validating origin
[GIN] 2025/02/13 - 14:54:04 | 500 |    6.845018ms |      172.17.0.2 | POST     "/api/webauthn/register/finish"
Error #01: Error validating origin
```

Browser console log (edge):

```
[ERR] GET https://www.gravatar.com/avatar/5edfa2692........acd326?d=404 404 (Not Found)
[WARN] startRegistration() was not called correctly. It will try to continue with the provided options, but this call should be refactored to use the expected call structure instead. See https://simplewebauthn.dev/docs/packages/browser#typeerror-cannot-read-properties-of-undefined-reading-challenge for more information.
[ERR] POST https://auth***.******.online/api/webauthn/register/finish 500 (Internal Server Error)
> Payload sent {"id": .... } Response {"error":"Something went wrong"}
```
OVERLORD added the bug label 2025-10-08 00:04:47 +03:00

@Giotto88 commented on GitHub:

🫣 The error was the trailing slash at the end of the PUBLIC_APP_URL.
Thank you very much for the help and the fantastic project you are developing (besides pingvin-share)


@stonith404 commented on GitHub:

Can you try to remove the trailing slash of PUBLIC_APP_URL=https://auth*****.********.online/?
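
Added example, not part of the original thread and not Pocket ID's own code: browsers serialize the `origin` field of WebAuthn `clientDataJSON` as `scheme://host[:port]` with no trailing slash, so an exact comparison against a configured URL ending in `/` fails. The helper names and the host `auth.example.test` (standing in for the redacted domain) are assumptions; the sketch reduces a configured URL to its origin before comparing, rather than loosening the match to a prefix test.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// normalizeOrigin (hypothetical helper) reduces a configured URL to
// scheme://host[:port]: no path, no trailing slash, no default port.
func normalizeOrigin(raw string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return "", err
	}
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return "", fmt.Errorf("not an absolute http(s) URL: %q", raw)
	}
	host := strings.ToLower(u.Host)
	if u.Scheme == "https" {
		host = strings.TrimSuffix(host, ":443")
	} else {
		host = strings.TrimSuffix(host, ":80")
	}
	return u.Scheme + "://" + host, nil
}

// originMatches (hypothetical helper) compares the browser-reported origin
// with the expected one by exact string equality, never by prefix.
func originMatches(clientDataJSON []byte, expected string) (bool, error) {
	var cd struct {
		Origin string `json:"origin"`
	}
	if err := json.Unmarshal(clientDataJSON, &cd); err != nil {
		return false, err
	}
	return cd.Origin == expected, nil
}

func main() {
	// Constructed sample clientDataJSON; the challenge field is omitted.
	cdj := []byte(`{"type":"webauthn.create","origin":"https://auth.example.test"}`)
	configured := "https://auth.example.test/" // trailing slash, as in the report
	asConfigured, _ := originMatches(cdj, configured)
	norm, _ := normalizeOrigin(configured)
	afterNormalizing, _ := originMatches(cdj, norm)
	fmt.Println(asConfigured, afterNormalizing) // false true
}
```

Keeping the comparison exact after normalization means a lookalike origin such as `https://auth.example.test.other.example` is still rejected, which a prefix or substring match would not guarantee.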


Reference: starred/pocket-id-pocket-id-1#354