Broken Bitwarden FIDO2 log-in screen embed, Incorrect CSP "frame-ancestors 'self'" policy
As you can see, I'm unable to log into my Bitwarden instance via a FIDO2 security key, because the verification embed from the instance bw.katzei.fr is blocked by Vivaldi, due to an incorrect CSP policy:
Refused to frame 'https://bw.katzei.fr/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
I had managed to fix that issue in the past, but I forgot how, and especially where I managed to bypass this or add a CSP exception.
When forcing CSP policies to be disabled in the browser, it complains about an issue with X-Frames:
Refused to display 'https://bw.katzei.fr/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
It's only when disabling both bits that the extension is allowed to connect correctly.
Extension to disable CSP policies: https://chrome.google.com/webstore/detail/csp-disable/hjngkcigmlhefidinfbdnkegocefpjap?ucbcb=1
Extension to disable X-Frames exceptions: https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe/related?ucbcb=1
Did I do anything wrong? Is it an issue with the Bitwarden extension? Vivaldi security policies? Or even the instance I'm using?
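
The two errors quoted in the post, modelled as an added example (not part of the original post, and not Bitwarden or Vivaldi code): a simplified version of the framing decision a browser makes from the response headers, showing why removing only the CSP header surfaces the X-Frame-Options error next. It assumes the extension page is the framing ancestor; the extension origin is a constructed placeholder, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) of a URL, with default ports filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or {"https": 443, "http": 80}.get(u.scheme))

def frame_ancestors(csp):
    """Source list of the frame-ancestors directive, or None if it is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def source_matches(source, ancestor, framed):
    # Simplified: handles 'self', 'none' and exact origins only
    # (no wildcards or scheme-only sources).
    if source.lower() == "'none'":
        return False
    if source.lower() == "'self'":
        return origin(ancestor) == origin(framed)
    return origin(source) == origin(ancestor)

def framing_allowed(framed, ancestor, headers):
    """Return (allowed, deciding_header) for one ancestor; browsers check every ancestor."""
    sources = frame_ancestors(headers.get("content-security-policy", ""))
    if sources is not None:
        # When frame-ancestors is present it decides and X-Frame-Options is ignored.
        ok = any(source_matches(s, ancestor, framed) for s in sources)
        return ok, "frame-ancestors"
    xfo = headers.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False, "x-frame-options"
    if xfo == "sameorigin":
        return origin(ancestor) == origin(framed), "x-frame-options"
    return True, "none"

# Header values as quoted in the post; the extension origin is a constructed placeholder.
FRAMED = "https://bw.katzei.fr/"
EXTENSION = "chrome-extension://extension-id-placeholder/popup.html"
HEADERS = {"content-security-policy": "frame-ancestors 'self'",
           "x-frame-options": "sameorigin"}

def without(headers, *names):
    """Copy of headers with the named (lower-case) headers removed."""
    return {k: v for k, v in headers.items() if k not in names}

if __name__ == "__main__":
    print(framing_allowed(FRAMED, EXTENSION, HEADERS))
    print(framing_allowed(FRAMED, EXTENSION, without(HEADERS, "content-security-policy")))
```

Both headers are set by the server answering for bw.katzei.fr (the application or a reverse proxy in front of it), so the response headers of that instance are the place to look for where the policy comes from.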