From ce9f63bf862f3591a02e4dec3067570ce3c53e0a Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Mon, 5 Oct 2020 09:12:14 +0200
Subject: [PATCH] enabled ssl in run.py for webauthn testing

---
 .gitignore | 4 ++++
 run.py     | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index a6b65dcb..aebed19b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -147,3 +147,7 @@ Sessionx.vim
 tags
 # Persistent undo
 [._]*.un~
+
+# Auto-generated development key/certificate
+devcert.crt
+devcert.key
diff --git a/run.py b/run.py
index 461c5dea..b8ccfa5b 100755
--- a/run.py
+++ b/run.py
@@ -1,8 +1,15 @@
 #!/usr/bin/env python3
+from werkzeug.serving import make_ssl_devcert
+
 from uffd import *
 
 if __name__ == '__main__':
 	app = create_app()
 	init_db(app)
 	print(app.url_map)
-	app.run(threaded=True, debug=True)
+	if not os.path.exists('devcert.crt') or not os.path.exists('devcert.key'):
+		make_ssl_devcert('devcert')
+	# WebAuthn requires https and a hostname (not just an IP address). If you
+	# don't want to test U2F/FIDO2 device registration/authorization, you can
+	# safely remove `host` and `ssl_context`.
+	app.run(threaded=True, debug=True, host='localhost', ssl_context=('devcert.crt', 'devcert.key'))
-- 
GitLab