From 0cdc0cb147e39a382a1e8345191f19ac69df6217 Mon Sep 17 00:00:00 2001
From: Jeremy Lin <jeremy.lin@gmail.com>
Date: Sun, 29 Aug 2021 15:35:25 -0700
Subject: [PATCH] Fix incorrect WebAuthn origin

This mainly affects users running Vaultwarden under a subpath.

Refs:

* https://github.com/kanidm/webauthn-rs/blob/b2cbb34/src/core.rs#L941-L948
* https://github.com/kanidm/webauthn-rs/blob/b2cbb34/src/core.rs#L316
* https://w3c.github.io/webauthn/#dictionary-client-data
---
 src/api/core/two_factor/webauthn.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/api/core/two_factor/webauthn.rs b/src/api/core/two_factor/webauthn.rs
index 03daf43b..1730d4f0 100644
--- a/src/api/core/two_factor/webauthn.rs
+++ b/src/api/core/two_factor/webauthn.rs
@@ -22,12 +22,14 @@ pub fn routes() -> Vec<Route> {
 
 struct WebauthnConfig {
     url: String,
+    origin: String,
     rpid: String,
 }
 
 impl WebauthnConfig {
     fn load() -> Webauthn<Self> {
         let domain = CONFIG.domain();
+        let domain_origin = CONFIG.domain_origin();
         Webauthn::new(Self {
             rpid: reqwest::Url::parse(&domain)
                 .map(|u| u.domain().map(str::to_owned))
@@ -35,6 +37,7 @@ impl WebauthnConfig {
                 .flatten()
                 .unwrap_or_default(),
             url: domain,
+            origin: domain_origin,
         })
     }
 }
@@ -45,7 +48,7 @@ impl webauthn_rs::WebauthnConfig for WebauthnConfig {
     }
 
     fn get_origin(&self) -> &str {
-        &self.url
+        &self.origin
     }
 
     fn get_relying_party_id(&self) -> &str {