Updated Caddy Example with hint about X-Frame-Origin DENY blocking FIDO WebAuthn requests

2026-03-22 09:49:20 -07:00 · 2022-10-08 12:04:42 +02:00
parent 430d294007
commit 3940e6f5f4
1 changed files with 1 additions and 0 deletions
--- a/Proxy-examples.md
+++ b/Proxy-examples.md
@@ -39,6 +39,7 @@ If you prefer, you can also directly specify a value instead of substituting an
  encode gzip

  # Uncomment to improve security (WARNING: only use if you understand the implications!)
+  # If you want to use FIDO2 WebAuthn, set X-Frame-Options to "SAMEORIGIN" or the Browser will block those requests
  # header {
  #      # Enable HTTP Strict Transport Security (HSTS)
  #      Strict-Transport-Security "max-age=31536000;"