Don't signal accepted credentials on localhost

Stormheg · Stormheg · commit d25af9c1630d · 2025-11-22T17:27:13.000+01:00
This may prevent developers from using Passkeys they have created for
other applications.
diff --git a/client/src/sync_signals.ts b/client/src/sync_signals.ts
@@ -69,6 +69,15 @@ declare var PublicKeyCredential: PublicKeyCredentialConstructor;
     );
   }
 
+  // If we are on localhost, skip signaling all accepted credentials as this may
+  // remove credentials from other applications also using localhost
+  if (window.location.hostname === "localhost") {
+    console.log(
+      "[WebAuthn] Skipping PublicKeyCredential.signalAllAcceptedCredentials since we are on localhost, this may affect other applications.",
+    );
+    return;
+  }
+
   // Signal all accepted credentials
   if (
     typeof PublicKeyCredential === "undefined" ||
