How do you set up WebAuthn? I’d love to use Vaultwarden with my hardware keys, but currently when I try to do it the frame with webauth is being blocked, displays nothing (on Firefox I get info that my domain blocked the attempt to display embedded content).
Check your reverse proxy config. It probably adds headers which prevent frames or other security related settings.
Vaultwarden already provides all the needed security headers where and when needed. So no need to add any extra.
Maybe only the HTST headers, but that depends on the main domain if you want to use that or not.
ahhh, thank you BlackDex. As I’m not an expert when it comes to reverse proxy setup I’ve used the Caddy config found on the official Wiki.
Is it this line that’s the culprit?
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"