Fix Vaultwarden iframe embedding by stripping upstream CSP header

Vaultwarden sends a restrictive Content-Security-Policy with frame-ancestors that blocks iframe embedding. The embed proxy (port 8890) already stripped this header, but the subdomain server block did not. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 18:26:41 -06:00 · 2026-03-10 18:26:41 -06:00 · 9267f070b3
commit 9267f070b3
parent 33e1ff2907
1 changed files with 1 additions and 0 deletions
--- a/nginx/conf.d/services.conf.template
+++ b/nginx/conf.d/services.conf.template
@ -194,6 +194,7 @@ server {
        set $upstream_vaultwarden http://vaultwarden-changemaker:80;
        proxy_pass $upstream_vaultwarden;
        proxy_hide_header X-Frame-Options;
+        proxy_hide_header Content-Security-Policy;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;