From 3940e6f5f42b9e6254eef93f4bd7b6469a372727 Mon Sep 17 00:00:00 2001 From: Philipp Marmet Date: Sat, 8 Oct 2022 12:04:42 +0200 Subject: [PATCH] Updated Caddy Example with hint about X-Frame-Origin DENY blocking FIDO WebAuthn requests --- Proxy-examples.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Proxy-examples.md b/Proxy-examples.md index 1e56f3a..fb00a19 100644 --- a/Proxy-examples.md +++ b/Proxy-examples.md @@ -39,6 +39,7 @@ If you prefer, you can also directly specify a value instead of substituting an encode gzip # Uncomment to improve security (WARNING: only use if you understand the implications!) + # If you want to use FIDO2 WebAuthn, set X-Frame-Options to "SAMEORIGIN" or the Browser will block those requests # header { # # Enable HTTP Strict Transport Security (HSTS) # Strict-Transport-Security "max-age=31536000;"