WebAuthn broken on clients for Unified server #2536
Skimige added the bug and bw-unified-deploy (An Issue related to Bitwarden unified deployment) labels on Jan 4, 2023
Your assessment looks good and is probably what we will want. You can similarly see those in the standard deployments file. @vgrassia should we add these to the template?
server/util/Setup/Templates/NginxConfig.hbs Lines 82 to 101 in 5036304
Steps To Reproduce
webauthn-connector.html iframe is refused to be displayed; more details can be checked through Dev Tools
Expected Result
FIDO2 WebAuthn iframe can load and properly prompts user to insert a key / complete 2FA.
Actual Result
Client chromium refuses to display webauthn-connector.html iframe because of X-Frame-Options (and Content-Security-Policy maybe, if X-Frame-Options is removed, not tested, just assumption)
Screenshots or Videos
Additional Context
Request URL:
https://bitwarden.yourdomain.tld/webauthn-connector.html?data=......&&parent=file%253A%252F%252F%252FC%253A%252FUsers%252F<Username>%252FAppData%252FLocal%252FPrograms%252FBitwarden%252Fresources%252Fapp.asar%252Findex.html%2523%252F2fa&btnText=%25E9%25AA%258C%25E8%25AF%2581%2520WebAuthn&v=1
Response Headers captured from Dev Tools:
I have a temporary workaround to fix this, which is to modify the nginx config inside the docker container. I created this by checking the difference between the unified nginx hbs template and the normal nginx hbs template.
(not a generated diff, self-formatted)
In the actual case, the hbs template should be updated to fix this issue. In the master branch, the config template does not change.
I didn't create a pull request directly because I'm not that familiar with nginx and I think the temporary workaround does not look concise.
Githash Version
455d62e-dirty
Environment Details
5:20.10.22~3-0~debian-bullseye
Database Image
madiadb:10
Issue-Link
#2480
Issue Tracking Info
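The report leaves one point untested: whether Content-Security-Policy would still block the iframe once X-Frame-Options is removed. The following is an added example, not part of the original issue or of Bitwarden's code, that evaluates a set of response headers for that case; `checkFraming` is a hypothetical helper and the origins and header values are constructed.

```javascript
// Added example: simplified model of the browser's framing decision (one parent
// only; wildcard hosts, scheme sources and multiple CSP headers are not modelled).

function lowerKeys(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
}

// Source list of the frame-ancestors directive, or null when it is absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Only 'none', 'self' and exact origins are matched here.
function sourceAllows(src, parent, own) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return parent === own;
  return parent === s;
}

function checkFraming(headers, parentOrigin, ownOrigin) {
  const h = lowerKeys(headers);
  const parent = parentOrigin.toLowerCase();
  const own = ownOrigin.toLowerCase();
  const fa = frameAncestors(h['content-security-policy']);
  if (fa !== null) {
    // frame-ancestors, when present, is enforced and X-Frame-Options is ignored.
    const allowed = fa.some((src) => sourceAllows(src, parent, own));
    return { allowed, decidedBy: 'frame-ancestors' };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, decidedBy: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { allowed: parent === own, decidedBy: 'x-frame-options' };
  return { allowed: true, decidedBy: 'none' };
}

// Constructed sample values (not the headers captured in the issue).
const SELF = 'https://bitwarden.example';
const DESKTOP_PARENT = 'file://';
const bothHeaders = {
  'X-Frame-Options': 'SAMEORIGIN',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
};
const cspOnly = { 'Content-Security-Policy': bothHeaders['Content-Security-Policy'] };
```

With these constructed headers, `checkFraming(cspOnly, DESKTOP_PARENT, SELF)` still reports the frame as refused, so both headers have to be reviewed together for the connector page.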