[Vaultwarden] Issues with default Web Security Headers #1901

@JayBraker

After setting up my Vaultwarden instance in reference to the guide I was facing issues using 2-step login with the Bitwarden desktop application.

Requests to /webauthn-connector.html were failing with ERR_BLOCKED_BY_RESPONSE - after looking into Vaultwarden's headers I noticed that paths *connector.html and /notifications/{anonymous-,}hub do not carry the X-Frame-Options: SAMEORIGIN header.

Apparently this is in line with upstream Bitwarden and necessary to circumvent just the issue I was facing. After suppressing that default header on the specific paths, I am able to log into my vault as expected.
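
The header layout described in this issue can be checked after a reverse-proxy change. The following is an added example, not part of the original post and not Vaultwarden's own code. It assumes every path other than the ones named above is expected to carry `X-Frame-Options: SAMEORIGIN`; the function names, the `/api/example` path and the sample responses are constructed for illustration.

```python
import fnmatch

# Path patterns from the issue text; /notifications/{anonymous-,}hub is expanded by hand.
FRAME_EXEMPT_PATTERNS = (
    "*connector.html",
    "/notifications/anonymous-hub",
    "/notifications/hub",
)
EXPECTED_XFO = "SAMEORIGIN"  # assumed default for all non-exempt paths


def is_frame_exempt(path):
    """True when the path is one the issue says carries no X-Frame-Options."""
    path = path.split("?", 1)[0]  # ignore any query string
    return any(fnmatch.fnmatchcase(path, p) for p in FRAME_EXEMPT_PATTERNS)


def audit(path, headers):
    """Return a list of findings for one response; an empty list means OK."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    xfo = lowered.get("x-frame-options")
    if is_frame_exempt(path):
        if xfo is not None:
            return [f"{path}: X-Frame-Options '{xfo}' present on exempt path"]
        return []
    if xfo is None:
        return [f"{path}: X-Frame-Options missing"]
    if xfo.upper() != EXPECTED_XFO:
        return [f"{path}: X-Frame-Options is '{xfo}', expected {EXPECTED_XFO}"]
    return []


def audit_all(responses):
    """Audit (path, headers) pairs captured from the instance."""
    return [finding for path, hdrs in responses for finding in audit(path, hdrs)]


# Constructed sample: a proxy that re-adds the header on a connector page
# and strips it from a path that should keep it.
SAMPLE = [
    ("/", {"X-Frame-Options": "SAMEORIGIN"}),
    ("/webauthn-connector.html", {"x-frame-options": "SAMEORIGIN"}),
    ("/notifications/hub", {}),
    ("/notifications/anonymous-hub", {}),
    ("/api/example", {}),
]

if __name__ == "__main__":
    print("\n".join(audit_all(SAMPLE)))
```

A finding on a connector page corresponds to the `ERR_BLOCKED_BY_RESPONSE` symptom described above; a finding on any other path means the exemption was applied too broadly.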
