Hi everybody,
I really need your help to understand what happened.
Today I found this in the main UI.
Service retarted, cache cleared, tested on 2 browsers → same.
I just upgraded to the vaultwarden-1.29.1 today → same.
I don’t know if it’s a coincidence, but I noticed the problem just after hardening my https / headers configuration with the help of Mozilla Observatory and SSL Lab …
Service is running on freebsd jail behind a https reverse proxy ranked A+ on Mozilla and SSL Lab test …
It looks like an attempted hack or something or a side effect of the http headers I changed … no ? Otherwise how simply changing the http header could add html / js to the page ??