I’ve slowly been transitioning to a self-hosted vaultwarden instance, but noticed that I cannot use the desktop bitwarden apps with FIDO 2FA enabled. The frame responsible for handling the authentication hangs on loading, I belive it is because the X-Frame-Options header is set to sameorigin. I have vaultwarden behind an Apache2 proxy as specified in the proxy examples, but I cannot see anything in my configuration that might set up that header.
Would you happen to know if this is something I need to fix within Apache2 or if this header is added by vaultwarden?
I had slightly tweaked the examples, but the changes I did make (mod_md and HSTS) shouldn’t have added that header. I dug around a bit more and it was set in one of the global config files (-_(\). I forgot that it was possible to set global stuff and didn’t expect it to be in another unrelated file. I probably added it at some point and forgot it ever existed.
Thank you for ruling out vaultwarden! I’m happy I can finally use desktop clients.