Dealing with “localhost”

Secured Context

If your are working on a development environment, https may not be available but the context could be considered as secured. You can bypass the scheme verification by passing the list of rpIds you consider secured.

config/packages/security.yaml
security:
    firewalls:
        main:
            webauthn:
               secured_rp_ids:
                   - 'localhost'

Was this helpful?