mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-12 06:24:04 -05:00
2039d3aa45
This hides the "Register" button and shows an error that's specific to one of two ways a browser may not support WebAuthn: - JavaScript is disabled (there's no possible fallback for this). - WebAuthn API is not supported (e.g. on Internet Explorer). We could add a similar check for the API in the JS code to handle the button click, but hiding it seems like enough protection. In order to avoid elements flashing when the page loads, this uses a view macro to embed a script at the start of the body element, which is the same approach used for the "js-enabled" class flag [1]. Tested with Chrome and IE 11. [1]: https://github.com/alphagov/govuk-frontend/blob/main/src/govuk/template.njk#L31
8 lines
260 B
HTML
8 lines
260 B
HTML
{% macro webauthn_api_check() %}
|
|
<script>
|
|
if ('credentials' in window.navigator) {
|
|
document.body.className = ((document.body.className) ? document.body.className + ' webauthn-api-enabled' : 'webauthn-api-enabled');
|
|
}
|
|
</script>
|
|
{% endmacro %}
|