[GH-ISSUE #980] RP_ID can't be changed after initial deployment? #686

Closed
opened 2026-02-25 23:43:16 +03:00 by kerem · 2 comments

Originally created by @pro-sumer on GitHub (Mar 26, 2024).
Original GitHub issue: https://github.com/healthchecks/healthchecks/issues/980

Until today I was using this configuration and 2FA via security keys worked fine:

```
ALLOWED_HOSTS=sub.domain.tld
SITE_ROOT=https://sub.domain.tld
RP_ID=sub.domain.tld
```

When I tried to move to a different subdomain (but keeping the old one for pings) adding 2FA via security keys no longer works (I removed all keys before the move):

```
ALLOWED_HOSTS=another_sub.domain.tld,sub.domain.tld
SITE_ROOT=https://another_sub.domain.tld
RP_ID=another_sub.domain.tld
```

Without 2FA I can log in on both `another_sub.domain.tld` and `sub.domain.tld`. However, when I try to add security keys on `another_sub.domain.tld` I get the error message "SecurityError: The provided RP ID is not a registrable domain suffix of the effective domain of the document.". Additionally, security keys can still be added on `sub.domain.tld`.

I did restart the Docker container. Why is it still using the old RP_ID value?

PS: I can't currently test any further due to this additional error: "Too Many Requests. Please try again later."

kerem closed this issue 2026-02-25 23:43:16 +03:00

@cuu508 commented on GitHub (Mar 27, 2024):

When you are on the "Add Security Key" page and are about to enter the new key's name, please view the page source and look for a line that looks like so:

```
<script id="options" type="application/json">{"publicKey": {"rp": {"name": "healthchecks", "id": "another_sub.domain.tld"}, [...]</script>
```

In the JSON string, `publicKey.rp.id` key, does it show "another_sub.domain.tld"?

And, just to make sure, is the page URL `https://another_sub.domain.tld/accounts/two_factor/webauthn/`?
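
The check suggested in the comment above, as an added example that is not part of the original thread or of the Healthchecks code: it pulls `publicKey.rp.id` out of a saved copy of the page source and compares it with the host of the page URL. The suffix test is a simplification of the browser's rule (no Public Suffix List lookup), and the function names and sample HTML are constructed for illustration.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urlsplit


class OptionsExtractor(HTMLParser):
    """Collects the text inside <script id="options" ...>."""

    def __init__(self):
        super().__init__()
        self._inside = False
        self.payload = ""

    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("id") == "options":
            self._inside = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._inside = False

    def handle_data(self, data):
        if self._inside:
            self.payload += data


def rp_id_matches_host(rp_id, host):
    """True if rp_id equals host or is a dot-aligned suffix of it.
    Browsers also reject public suffixes such as "tld"; not checked here."""
    rp_id, host = rp_id.lower().rstrip("."), host.lower().rstrip(".")
    return host == rp_id or host.endswith("." + rp_id)


def check_page(page_url, page_source):
    """Return (rp_id, host, ok) for a saved "Add Security Key" page."""
    parser = OptionsExtractor()
    parser.feed(page_source)
    rp_id = json.loads(parser.payload)["publicKey"]["rp"]["id"]
    host = urlsplit(page_url).hostname
    return rp_id, host, rp_id_matches_host(rp_id, host)


# Constructed sample: rp.id names a different subdomain than the page URL.
SAMPLE_URL = "https://another_sub.domain.tld/accounts/two_factor/webauthn/"
SAMPLE = ('<html><script id="options" type="application/json">{"publicKey": '
          '{"rp": {"name": "healthchecks", "id": "sub.domain.tld"}}}</script></html>')

if __name__ == "__main__":
    print(check_page(SAMPLE_URL, SAMPLE))
```

A result with `ok` set to `False` corresponds to the condition behind the browser's "not a registrable domain suffix" SecurityError: the server is emitting an RP ID that does not belong to the host the page was loaded from.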


@pro-sumer commented on GitHub (Mar 27, 2024):

Today adding the keys worked just fine... (and all the values seem to be as expected).

Could it be a browser cache issue yesterday?

Anyway, feel free to close this issue.
