diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts
index 0932799a78..bbcff8f6dd 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts
@@ -38,6 +38,7 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
 params: CreateCredentialParams,
 abortController = new AbortController()
 ): Promise {
+ // debugger;
 const enableFido2VaultCredentials = await this.configService.getFeatureFlagBool(
 FeatureFlag.Fido2VaultCredentials
 );
@@ -200,6 +201,13 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
 throw new FallbackRequestedError();
 }
 
+ if (!params.sameOriginWithAncestors) {
+ this.logService?.warning(
+ `[Fido2Client] Invalid 'sameOriginWithAncestors' value: ${params.sameOriginWithAncestors}`
+ );
+ throw new DOMException("Invalid 'sameOriginWithAncestors' value", "NotAllowedError");
+ }
+
 const { domain: effectiveDomain } = parse(params.origin, { allowPrivateDomains: true });
 if (effectiveDomain == undefined) {
 this.logService?.warning(`[Fido2Client] Invalid origin: ${params.origin}`);
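Review bot: The added `// debugger;` at the top of the createCredential body is leftover debugging scaffolding and should be dropped before merge; a commented-out breakpoint in a credential-creation path invites someone to uncomment it in a build that ships. The enclosing method continues past the hunk, so I cannot see whether other debug residue follows it.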
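Review bot: The new guard treats `sameOriginWithAncestors === false` as an "invalid value", but `false` is a legitimate value that means the request comes from a cross-origin ancestor chain; the warning and the DOMException message should say what is actually being refused, e.g. `[Fido2Client] Request from cross-origin ancestor frame refused` and `throw new DOMException("Credential operations from cross-origin frames are not allowed", "NotAllowedError");`. Because the condition is `!params.sameOriginWithAncestors`, an `undefined` field is also refused, which is the right fail-closed default, but every caller that builds these params must now populate the flag or it will see NotAllowedError. The check only protects the vault if the flag is computed on the extension side rather than taken from the page; I cannot confirm from this hunk where it is set, so that is worth documenting on the params type. The enclosing method starts outside the hunk, so I cannot tell whether this is the create or the assert path, and the latter has different cross-origin rules in WebAuthn.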