From 9776871c149e20bcc6ede94032b6a225b215e0ce Mon Sep 17 00:00:00 2001
From: Juraj Hilje <juraj.hilje@gmail.com>
Date: Sat, 21 Mar 2026 14:03:42 +0100
Subject: [PATCH] feat(middleware): update auth.go

---
 api/internal/middleware/auth/auth.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/internal/middleware/auth/auth.go b/api/internal/middleware/auth/auth.go
index d9795592..8a6b2c82 100644
--- a/api/internal/middleware/auth/auth.go
+++ b/api/internal/middleware/auth/auth.go
@@ -127,9 +127,9 @@ func NewCookieTempAuthn(token string, path string, cfg config.APIConfig) *fiber.
 func NewWebAuthn(cfg config.APIConfig) *webauthn.WebAuthn {
 	var webAuthn *webauthn.WebAuthn
 	config := &webauthn.Config{
-		RPDisplayName: cfg.Name,                     // Display Name for your site
-		RPID:          cfg.FQDN,                     // Generally the FQDN for your site
-		RPOrigins:     []string{cfg.ApiAllowOrigin}, // The origin URLs allowed for WebAuthn requests
+		RPDisplayName: cfg.Name,                               // Display Name for your site
+		RPID:          cfg.FQDN,                               // Generally the FQDN for your site
+		RPOrigins:     strings.Split(cfg.ApiAllowOrigin, ","), // The origin URLs allowed for WebAuthn requests
 	}
 
 	webAuthn, err := webauthn.New(config)