Steps To Reproduce
Log out from the Windows client (for example); reset the session from the web vault if necessary
Try to log in from the Windows client
At the "FIDO2 WebAuthn" page, the webauthn-connector.html iframe is refused to be displayed; more details can be checked through Dev Tools
Expected Result
FIDO2 WebAuthn iframe can load and properly prompts user to insert a key / complete 2FA.
Actual Result
The client's Chromium refuses to display the webauthn-connector.html iframe because of X-Frame-Options (and maybe Content-Security-Policy, if X-Frame-Options is removed; not tested, just an assumption)
I have a temporary workaround to fix this, which is to modify the nginx config inside the docker container. I created this by checking the difference between the unified nginx hbs template and the normal nginx hbs template.
(not a generated diff, self-formatted)
I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Your assessment looks good and is probably what we will want. You can similarly see those in the standard deployments file. @vgrassia should we add these to the template?
Additional Context
Request URL:
https://bitwarden.yourdomain.tld/webauthn-connector.html?data=......&&parent=file%253A%252F%252F%252FC%253A%252FUsers%252F<Username>%252FAppData%252FLocal%252FPrograms%252FBitwarden%252Fresources%252Fapp.asar%252Findex.html%2523%252F2fa&btnText=%25E9%25AA%258C%25E8%25AF%2581%2520WebAuthn&v=1
Response Headers captured from Dev Tools:
In the actual case, the hbs template should be updated to fix this issue. In the master branch, the config template does not change.
I don't create a pull request directly because I'm not that familiar with nginx and I think the temporary workaround does not look concise.
Githash Version
455d62e-dirty
Environment Details
5:20.10.22~3-0~debian-bullseye
Database Image
madiadb:10
Issue-Link
#2480
Issue Tracking Info