Breaks WP-WebAuthn plugin

  • Resolved 2haas

    (@2haas)


    2 years, 9 months ago

    The option “Protect admin-ajax.php against suspicious bots” appear to break Passkey-based login using the WP-WebAuthn plugin. The login form instantly shows “Auth failed”. In the browser’s Developer Tools I can see that this XHR request leads to a 404:

    https://example.org/wp-admin/admin-ajax.php?action=wwa_auth_start&user=&type=auth

    NinjaFirewall logs:

    POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - example.org

    Is NinjaFirewall overblocking here or have I configured it incorrectly?

Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet

    (@nintechnet)

    2 years, 9 months ago

    If the application doesn’t send any proper HTTP headers (charset, encoding, language etc), it is detected as a bot/script and thus is blocked.
    You will need to disable that policy, I’m afraid.

Viewing 1 replies (of 1 total)

The topic ‘Breaks WP-WebAuthn plugin’ is closed to new replies.