also the desktop app just shows a black screen (but i can use TOTP ok)
(i can use backup TOTP) and logs in OK, ideally for convenience id rather use the security key each time…
is this a known issue or do i have a setting wrong somewhere or is this something I need to raise on Bitwardens forum?
if it makes a difference i am not using the standard port 443
(but i do have the correct url:port in the custom settings in extension & app)
Check your DOMAIN config, or your reverse proxy setup.
Most settings you can validate via /admin/diagnostics, but some like headers you will need to check if your reverse proxy is blocking/removing or modifying some security headers which are default set by Vaultwarden already where needed.
Some security options like ModSecurity for example cause issues.
sign in to web vault prompts & works
sign in from desktop app or extension failis to connect, which i why im thinking it maybe an issue with bitwardens official app/extension being able to use custom ports?
weirdly after disabling the 3 below with # then its working… but any one of these doesn’t seem to make any difference… thanks for the heads up its working now, but i need to ensure ive not dramatically reduced my security doing this!
content security policy
# HSTS, remove # from the line below to enable HSTS
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# Optional additional headers
#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
#add_header X-Frame-Options "SAMEORIGIN" always;
tada i now get prompted in app & extension for the key
thanks so much for your help, i need to read up & understand more on these headers