[Docs] Example caddy configuration breaks Webauthn login #2039

Closed
opened 2026-04-06 02:49:48 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @ghost on 7/28/2022

I set up my server as per the example in [the Caddy + Cloudflare DNS wiki page](https://github.com/dani-garcia/vaultwarden/wiki/Caddy-2.x-with-Cloudflare-DNS), and enabled the commented-out "uncomment to improve security" section, since the settings there make sense to me. Unfortunately, this breaks Webauthn login, since it embeds the web UI into itself.

I suggest this change:

+  header /webauthn-connector.html {
+       # allow embedding webauthn page onto sign-in page
+       X-Frame-Options "SAMEORIGIN"
+   }
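
Review bot: the added `header /webauthn-connector.html` block has no context lines showing where it sits relative to the "uncomment to improve security" section, so it is not visible which setting ends up on the response if that section also sets X-Frame-Options. Please state the intended placement in the wiki text and extend the comment on the second added line to say that this block is meant to override the stricter site-wide value for this one path only. A quick check worth documenting is that the response for /webauthn-connector.html carries a single X-Frame-Options header with the value SAMEORIGIN, while other paths keep the stricter setting. The matcher is an exact path, which keeps the relaxation narrow; the open question in the issue about other pages that need embedding should be settled before the example is changed. The indentation of the added lines is also uneven (two spaces before `header`, three before the closing brace).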

I'm not sure if there are any other pages on the web UI that also require embedding.

Reference: github/vaultwarden#2039