Chrome Extension blocks related origin requests (ROR)

[flooyo]

Steps To Reproduce

1. Go to ror-1.glitch.me & ror-2.glitch.me to spin up the pages
2. Install the Bitwarden Chrome extension and log in to your account
3. Visit ror-2.glitch.me (which should make a call to ror-1.glitch.me/.well-known/webauthn)
4. Lookup the Error message within the ServiceWorker

Expected Result

No error message, a call to the rp.id’s webauthn well-known endpoint should be made.

Actual Result

The Login into the Site is not possbile:
Console: {"lineNumber":2,"message":"[Fido2Client] 'rp.id' cannot be used with the current origin: rp.id = ror-1.glitch.me; origin = https://ror-2.glitch.me","message_level":2,"sourceIdentifier":3,"sourceURL":"chrome-extension://nngceckbapebfimnlniiiahkandclblb/background.js"}

Screenshots or Videos

Additional Context

No response

Operating System

macOS

Operating System Version

No response

Web Browser

Chrome

Browser Version

No response

Build Version

2024.12.4

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[bitwarden-bot]

Thank you for reporting this issue! We've added this to our internal tracking system.
ID: PM-17017

[jtodddd]

Hi there,

Thank you for your report!

I was able to reproduce this issue, and I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thanks once again!