From ecf964ea3b009b79d4dfaa731007c548157d45d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?= <cuu508@gmail.com>
Date: Sun, 15 Nov 2020 21:49:25 +0200
Subject: [PATCH] Remove a verify_origin workaround

---
 hc/accounts/views.py | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/hc/accounts/views.py b/hc/accounts/views.py
index ebad82cd..cae62a3f 100644
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
@@ -574,16 +574,11 @@ def remove_project(request, code):
     return redirect("hc-index")
 
 
-def _verify_origin(aaa):
-    return lambda o: True
-
-
 @login_required
 @require_sudo_mode
 def add_credential(request):
     rp = PublicKeyCredentialRpEntity("localhost", "Healthchecks")
-    # FIXME use HTTPS, remove the verify_origin hack
-    server = Fido2Server(rp, verify_origin=_verify_origin)
+    server = Fido2Server(rp)
 
     if request.method == "POST":
         form = forms.AddCredentialForm(request.POST)
@@ -639,8 +634,7 @@ def remove_credential(request, code):
 
 def login_tfa(request):
     rp = PublicKeyCredentialRpEntity("localhost", "Healthchecks")
-    # FIXME use HTTPS, remove the verify_origin hack
-    server = Fido2Server(rp, verify_origin=_verify_origin)
+    server = Fido2Server(rp)
 
     if "2fa_user_id" not in request.session:
         return HttpResponseBadRequest()