🐛 Bug Report: unable to register additional passkeys using KeePassXC (more than one) #138

Closed
opened 2025-07-08 08:40:45 -04:00 by AtHeartEngineer · 0 comments

Originally created by @mihakrumpestar on 5/25/2025

Reproduction steps

Latest Pocket-id (v1.0) using Caddy reverse proxy. Configs and versions are in "Additional Information" section.

Reproducible on "demo" website (https://demo.pocket-id.org/start-demo).

Steps:

  • Use a new or existing account with or without passkeys (but none of them from KeePassXC).
  • Register a KeePassXC passkey. (works)
  • Try to register a second KeePassXC passkey. (fails)

Tried this in LibreWolf and Brave.

Expected behavior

It should allow registering another passkey from same provider.

Actual Behavior

The KeePassXC extension gives a pop-up:

![Image](https://github.com/user-attachments/assets/064cb16c-abb8-4c02-8b17-4d47ec593026)

and proceeds to try my hardware FIDO2 key.

Version and Environment

Client - Browser:

  • KeePassXC - 2.7.10
  • KeePassXC-Browser - 1.9.7
  • Operating system: Linux x86_64
  • Browser: Mozilla Firefox 134.0 (Librewolf) and Brave v1.78.102

Server:

  • image: ghcr.io/pocket-id/pocket-id:v1.0

  • Reverse proxy is Caddy with the following config for headers:

```Caddyfile
header {
	# Remove Server and Via headers (empty fingerprint signature)
	-Server
	-Via

	# Permissions Policy (formerly Feature Policy)
	Permissions-Policy "interest-cohort=(), camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"

	# HTTP Strict Transport Security
	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

	# Content Type Options
	X-Content-Type-Options "nosniff"

	# CSP header
	#Content-Security-Policy "default-src 'self'; img-src *;" # Breaks Nextcloud

	# Robots Tag (only set if the upstream did not already set one)
	?X-Robots-Tag "none, noindex, nofollow, nosnippet, noarchive, notranslate, noimageindex"

	# Frame Options (Clickjacking protection), SAMEORIGIN is required for FIDO2 (Vaultwarden)
	X-Frame-Options "SAMEORIGIN"

	# XSS Protection
	X-XSS-Protection "1; mode=block"

	# Referrer Policy
	Referrer-Policy "same-origin"

	# Access Control (only set if the upstream did not already set one)
	?Access-Control-Allow-Methods "GET, OPTIONS, PUT"
	Access-Control-Max-Age "100"

	# Apply these header operations after the upstream response arrives
	defer
}
```


Log Output

There are no errors in the logs.


Reference: github/pocket-id#138