Description
Describe the bug
When trying to add a 2FA security device, I get a JSON.parse error due to a 500 Internal Server Error from a XHR POST to during validation. (I think it's not related to #9086)
Expected behavior
I get confirmation of 2FA security device.
To Reproduce
- Go to https://test.pypi.org/manage/account/webauthn-provision
- Name security device
- Read prompt for anonymization (this may be due to enhanced tracking protection):
test.pypi.org is requesting extended information
about your security key, which may affect your
privacy.Firefox can anonymize this for you, but the website
might decline this key. If declined, you can try again.- Anonymize anyway
- Click on Proceed (I tested without anonymization, so it shouldn't have been a problem; I will test with anonymization to confirm if this is also an issue).
- Update: if I do anonymize I get a different error, which I think is not applicable to the scope of this bug report.
Registration rejected. Error: Authenticator attestation is required.
- Update: if I do anonymize I get a different error, which I think is not applicable to the scope of this bug report.
- Read notification
test.pypi.org wants to register an account with one
of your security keys. You can connect and authorize
one now, or cancel. - Insert security device, which should begin flashing.
- Press button on security device to validate.
- Get following error:
JSON.parse: unexpected character at line 1 column 1 of the JSON data
My Platform
- Browser: Firefox 88.0b2 (64-bit)
- OS: Ubuntu 20.10
- Connectivity: VPN through WireGuard.
- Add-ons: I tried this with all add-ons---except NoScript---disabled (but I allowed all scripts to run temporarily in NoScript).
Additional context
There are other JS errors in the console, mainly due to some conflicts due to the Content Security Policy:
