Refer to RelyingParty.origins setting in origin mismatch error message

emlun · emlun · commit 20fddc91fa1e · 2023-11-27T16:02:57.000+01:00
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
@@ -400,7 +400,8 @@ public void validate() {
       final String responseOrigin = response.getResponse().getClientData().getOrigin();
       assertTrue(
           OriginMatcher.isAllowed(responseOrigin, origins, allowOriginPort, allowOriginSubdomain),
-          "Incorrect origin: " + responseOrigin);
+          "Incorrect origin, please see the RelyingParty.origins setting: %s",
+          responseOrigin);
     }
 
     @Override
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
@@ -215,7 +215,8 @@ public void validate() {
       final String responseOrigin = clientData.getOrigin();
       assertTrue(
           OriginMatcher.isAllowed(responseOrigin, origins, allowOriginPort, allowOriginSubdomain),
-          "Incorrect origin: " + responseOrigin);
+          "Incorrect origin, please see the RelyingParty.origins setting: %s",
+          responseOrigin);
     }
 
     @Override

Original file line number	Diff line number	Diff line change
`@@ -400,7 +400,8 @@ public void validate() {`
`400`	`400`	`final String responseOrigin = response.getResponse().getClientData().getOrigin();`
`401`	`401`	`assertTrue(`
`402`	`402`	`OriginMatcher.isAllowed(responseOrigin, origins, allowOriginPort, allowOriginSubdomain),`
`403`		`- "Incorrect origin: " + responseOrigin);`
	`403`	`+ "Incorrect origin, please see the RelyingParty.origins setting: %s",`
	`404`	`+ responseOrigin);`
`404`	`405`	`}`
`405`	`406`
`406`	`407`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -215,7 +215,8 @@ public void validate() {`
`215`	`215`	`final String responseOrigin = clientData.getOrigin();`
`216`	`216`	`assertTrue(`
`217`	`217`	`OriginMatcher.isAllowed(responseOrigin, origins, allowOriginPort, allowOriginSubdomain),`
`218`		`- "Incorrect origin: " + responseOrigin);`
	`218`	`+ "Incorrect origin, please see the RelyingParty.origins setting: %s",`
	`219`	`+ responseOrigin);`
`219`	`220`	`}`
`220`	`221`
`221`	`222`	`@Override`