[GH-ISSUE #5887] Access to fetch at [domain] from origin [chrome extension id] has been blocked by CORS #2276

Closed
opened 2026-03-03 02:16:50 +03:00 by kerem · 10 comments
Owner

Originally created by @HyperNylium on GitHub (May 26, 2025).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/5887

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.33.2
  • Web-vault version: v2025.1.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Database type: SQLite
  • Database version: 3.48.0
  • Environment settings overridden!: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: n/a
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*************************",
  "domain_origin": "*****://*************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*******************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*******************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

1.33.2

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Nginx Proxy Manager

Host/Server Operating System

Linux

Operating System Version

Ubuntu 24.04 LTS

Clients

Browser Extension

Client Version

v2025.5.0

Steps To Reproduce

Where I got the CORS error log (keep this window open for the next step):

  1. Go to "chrome://extensions/" and enable dev mode at the top right.
  2. In the "Bitwarden Password Manager" box, click on the "service worker" link. "DevTools" should pop up with the extension's logs.
  3. Continue with the normal login process.

Now do the normal login:

  1. Set "Accessing" to "Self-hosted" and put the domain address in there.
  2. Log into server with email and master password.
  3. Passwords do not load, spinning wheel of doom.

Expected Result

Passwords to show up.

Actual Result

No passwords show up. Spinning wheel instead.

Logs

WebAssembly is supported in this environment
background.js:2 WASM SDK loaded in 131ms
background.js:2 No state version found, assuming empty state.
background.js:2 Uncaught Error: Null or undefined account
    at background.js:2:1001167
    at background.js:2:670703
    at t._next (background.js:2:670137)
    at t.next (background.js:2:663750)
    at t._subscribe (background.js:2:807255)
    at t._trySubscribe (background.js:2:666216)
    at t._trySubscribe (background.js:2:668501)
    at background.js:2:666138
    at _ (background.js:2:663458)
    at t.subscribe (background.js:2:666052)
8background.js:2 Uncaught (in promise) Error: The extensions gallery cannot be scripted.
Access to fetch at 'https://vaultwarden.[mydomain].com/api/config' from origin 'chrome-extension://nngceckbapebfimnlniiiahkandclblb' has been blocked by CORS policy: Permission was denied for this request to access the `unknown` address space.
background.js:2 Unable to fetch ServerConfig from https://vaultwarden.[mydomain].com/api TypeError: Failed to fetch
    at rA.nativeFetch (background.js:2:1471078)
    at rA.<anonymous> (background.js:2:1471038)
    at Generator.next (<anonymous>)
    at s (background.js:2:1446102)
background.js:2 Self-host environment did not respond in time, emitting previous config.
Access to fetch at 'https://vaultwarden.[mydomain].com/api/config' from origin 'chrome-extension://nngceckbapebfimnlniiiahkandclblb' has been blocked by CORS policy: Permission was denied for this request to access the `unknown` address space.
background.js:2 Unable to fetch ServerConfig from https://vaultwarden.[mydomain].com/api TypeError: Failed to fetch
    at rA.nativeFetch (background.js:2:1471078)
    at rA.<anonymous> (background.js:2:1471038)
    at Generator.next (<anonymous>)
    at s (background.js:2:1446102)
background.js:2 WebSocket connected to wss://vaultwarden.[mydomain].com/notifications/hub?access_token=[access token removed].
background.js:2 Using HubProtocol 'messagepack'.
Access to fetch at 'https://vaultwarden.[mydomain].com/identity/connect/token' from origin 'chrome-extension://nngceckbapebfimnlniiiahkandclblb' has been blocked by CORS policy: Permission was denied for this request to access the `unknown` address space.
background.js:2 Error refreshing access token:  TypeError: Failed to fetch
    at rA.nativeFetch (background.js:2:1471078)
    at rA.<anonymous> (background.js:2:1471038)
    at Generator.next (<anonymous>)
    at s (background.js:2:1446102)
background.js:2 Uncaught (in promise) TypeError: Failed to fetch
    at rA.nativeFetch (background.js:2:1471078)
    at rA.<anonymous> (background.js:2:1471038)
    at Generator.next (<anonymous>)
    at s (background.js:2:1446102)
background.js:2 Self-host environment did not respond in time, emitting previous config.

Screenshots or Videos

Log itself:

Image

Spinning wheel:

Image

Additional Context

I'm not sure if this is an "it's only happening to you" issue. Have tried both my PC (where the issue first caught my attention) and my laptop, which both were broken. My laptop hasn't been turned on for a week or so and this was working a week ago (I think...). On my laptop, the passwords were still showing but syncing the vault was failing.

Extension version: v2025.5.0 (uninstalled and reinstalled for testing and still same issue)
Chrome version: 137.0.7151.41

The full error:

Access to fetch at 'https://vaultwarden.[mydomain].com/identity/connect/token' from origin 'chrome-extension://[some id]' has been blocked by CORS policy: Permission was denied for this request to access the `unknown` address space

Here's my docker compose file if needed:

services:
  vaultwarden:
    image: vaultwarden/server:1.33.2 # was ":latest" but the newest version (v1.34.0) has issues with the "/admin/diagnostics" page.
    container_name: vaultwarden
    restart: unless-stopped
    ports:
      - 4001:80
    volumes:
      - /home/docker/vaultwarden/appdata:/data:rw
    env_file:
      - path: ./.env
        required: true
    environment:
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED}
      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_SECURITY=${SMTP_SECURITY}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - DOMAIN=${DOMAIN}

If this does become an "it's only happening to you" issue, I ask that someone point me in the right direction. Typing my passwords manually SUCKS :(

background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 _ @ background.js:2 (anonymous) @ background.js:2 u @ background.js:2 c @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 i @ background.js:2Understand this error background.js:2 WebSocket connected to wss://vaultwarden.[mydomain].com/notifications/hub?access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJuYmYiOjE3NDgyOTMwMDYsImV4cCI6MTc0ODMwMDIwNiwiaXNzIjoiaHR0cHM6Ly92YXVsdHdhcmRlbi5obmhvbWVsYWIuY29tfGxvZ2luIiwic3ViIjoiMWI3MjI0MTEtYTVmZC00OGY0LTlhZjAtZTU5NzA1Y2M0OTMyIiwicHJlbWl1bSI6dHJ1ZSwibmFtZSI6Ikh5cGVyTnlsaXVtIiwiZW1haWwiOiJkYXZpZHBpdmlrMTIzQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJzc3RhbXAiOiJhOTMzYTkxZS1kNGJkLTQ4MmQtOGIxYS01NDFjZTgxNjc5YTMiLCJkZXZpY2UiOiI5NzA5N2NiNy1jYmY1LTQ2NGEtYTliYy05NzdiNzA2YWQxYjEiLCJzY29wZSI6WyJhcGkiLCJvZmZsaW5lX2FjY2VzcyJdLCJhbXIiOlsiQXBwbGljYXRpb24iXX0.s0NvhQ_IR8d5Aj1ZXzySPc5b5iIzwSEWEY9xc-2tCVTDunR5-yQ4x1cWtqHXwKNcVcp4ilSAjAPbmSBNOhF9hMPfri3IK-Zlk76JtJsneqQMZjcN9bWg00PvW1Vs3UVhq6WTHqQ1cxRD6erp_LYNSWX1aVBevzLniX3QF94l1y63qXu11AFFQ0H7yqS-wr4rqd0AqZ_IxNXE6FKP5jkpVxYE6KXWcDKxdKFnA-F2kfJuNcjDJFmD17o9XsmHPz_Uu8x5lu8ow4nc6Pn5De5KcNM08VSqpbfBmLbyu18iz5fw_Fepe9iLJBB9OYEoZvwaAEpdmw6yGjhti-zieCoEOA. background.js:2 Using HubProtocol 'messagepack'. 
Access to fetch at 'https://vaultwarden.[mydomain].com/identity/connect/token' from origin 'chrome-extension://nngceckbapebfimnlniiiahkandclblb' has been blocked by CORS policy: Permission was denied for this request to access the `unknown` address space.Understand this error background.js:2 Error refreshing access token: TypeError: Failed to fetch at rA.nativeFetch (background.js:2:1471078) at rA.<anonymous> (background.js:2:1471038) at Generator.next (<anonymous>) at s (background.js:2:1446102) write @ background.js:2 error @ background.js:2 (anonymous) @ background.js:2 o @ background.js:2 Promise.then l @ background.js:2 (anonymous) @ background.js:2 nA @ background.js:2 refreshIdentityToken @ background.js:2 (anonymous) @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 (anonymous) @ background.js:2 Ub @ background.js:2 fullSync @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 AJ @ background.js:2 doFullSync @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 AJ @ background.js:2 (anonymous) @ background.js:2 u @ background.js:2 c @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 _ @ background.js:2 (anonymous) @ background.js:2 next @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 i @ background.js:2Understand this error 
background.js:2 Uncaught (in promise) TypeError: Failed to fetch at rA.nativeFetch (background.js:2:1471078) at rA.<anonymous> (background.js:2:1471038) at Generator.next (<anonymous>) at s (background.js:2:1446102) nativeFetch @ background.js:2 (anonymous) @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 (anonymous) @ background.js:2 nA @ background.js:2 fetch @ background.js:2 (anonymous) @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 (anonymous) @ background.js:2 nA @ background.js:2 refreshAccessToken @ background.js:2 (anonymous) @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 (anonymous) @ background.js:2 nA @ background.js:2 internalRefreshToken @ background.js:2 refreshToken @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 nA @ background.js:2 refreshIdentityToken @ background.js:2 (anonymous) @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 s @ background.js:2 Promise.then l @ background.js:2 (anonymous) @ background.js:2 Ub @ background.js:2 fullSync @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 AJ @ background.js:2 doFullSync @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 AJ @ background.js:2 (anonymous) @ background.js:2 u @ background.js:2 c @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 _ @ background.js:2 (anonymous) @ background.js:2 
next @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 (anonymous) @ background.js:2 i @ background.js:2Understand this error background.js:2 Self-host environment did not respond in time, emitting previous config. ``` ### Screenshots or Videos Log itself: ![Image](https://github.com/user-attachments/assets/1cf398ca-12df-4bee-a509-c0c8c79a37d7) Spinning wheel: ![Image](https://github.com/user-attachments/assets/4ed9cafc-286c-4ff5-84a0-12f26e216930) ### Additional Context Im not sure if this is a "its only happening to you" issue. Have tried both my PC (where the issue first caught my attention) and my laptop, which both were broken. My laptop hasn't been turned on for a week or so and this was working a week ago (i think...). On my laptop, the passwords were still showing but syncing the vault was failing. Extention version: v2025.5.0 (uninstalled and reinstalled for testing and still same issue) Chrome version: 137.0.7151.41 The full error: ``` Access to fetch at 'https://vaultwarden.[mydomain].com/identity/connect/token' from origin 'chrome-extension://[some id]' has been blocked by CORS policy: Permission was denied for this request to access the `unknown` address space ``` Heres my docker compose file if needed: ``` services: vaultwarden: image: vaultwarden/server:1.33.2 # was ":latest" but the newest version (v1.34.0) has issues with the "/admin/diagnostics" page. 
container_name: vaultwarden restart: unless-stopped ports: - 4001:80 volumes: - /home/docker/vaultwarden/appdata:/data:rw env_file: - path: ./.env required: true environment: - ADMIN_TOKEN=${ADMIN_TOKEN} - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED} - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED} - SMTP_HOST=${SMTP_HOST} - SMTP_FROM=${SMTP_FROM} - SMTP_PORT=${SMTP_PORT} - SMTP_SECURITY=${SMTP_SECURITY} - SMTP_USERNAME=${SMTP_USERNAME} - SMTP_PASSWORD=${SMTP_PASSWORD} - DOMAIN=${DOMAIN} ``` If this does become a "its only happening to you" issue, i ask that someone point me in the right direction. Typing my passwords manually SUCKS :(
kerem 2026-03-03 02:16:50 +03:00
  • closed this issue
  • added the `bug` label

@dani-garcia commented on GitHub (May 26, 2025):

Is this a new installation or did it use to work and it broke recently?

Can you check if the requests have the correct CORS headers set? The proxy should be passing them through.

You can run `curl -v https://vaultwarden.[yourdomain].com/api/config`. You should see a `Content-Security-Policy` header that contains something like `frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb`

@BlackDex commented on GitHub (May 26, 2025):

Also try to check the `/admin/diagnostics` page and see if there are issues there.

@HyperNylium commented on GitHub (May 26, 2025):

@dani-garcia

> Is this a new installation or did it use to work and it broke recently?

Was working until today at 5:43 AM. That was the last time the vault synced successfully.

> Can you check if the requests have the correct CORS headers set? The proxy should be passing them through.
> You can run `curl -v https://vaultwarden.[yourdomain].com/api/config`. You should see a `Content-Security-Policy` header that contains something like `frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb`

Here's the output to that:

```
* Host vaultwarden.[mydomain].com:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.245.5
*   Trying 192.168.245.5:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* Connected to vaultwarden.[mydomain].com (192.168.245.5) port 443
* using HTTP/1.x
> GET /api/config HTTP/1.1
> Host: vaultwarden.[mydomain].com
> User-Agent: curl/8.11.1
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 200 OK
< Server: openresty
< Date: Mon, 26 May 2025 21:22:58 GMT
< Content-Type: application/json
< Content-Length: 540
< Connection: keep-alive
< permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< referrer-policy: same-origin
< x-robots-tag: noindex, nofollow
< x-xss-protection: 0
< cross-origin-resource-policy: same-origin
< content-security-policy: default-src 'none'; font-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;
< cache-control: no-cache, no-store, max-age=0
< Strict-Transport-Security: max-age=63072000; preload
< X-Served-By: vaultwarden.[mydomain].com
<
{"environment":{"api":"https://vaultwarden.[mydomain].com/api","identity":"https://vaultwarden.[mydomain].com/identity","notifications":"https://vaultwarden.[mydomain].com/notifications","sso":"","vault":"https://vaultwarden.[mydomain].com"},"featureStates":{"fido2-vault-credentials":true,"flexible-collections-v-1":false,"key-rotation-improvements":true},"gitHash":"1f868b8d","object":"config","server":{"name":"Vaultwarden","url":"https://github.com/dani-garcia/vaultwarden"},"settings":{"disableUserRegistration":true},"version":"2025.1.0"}* Connection #0 to host vaultwarden.[mydomain].com left intact
```

@HyperNylium commented on GitHub (May 26, 2025):

@BlackDex

> Also try to check the `/admin/diagnostics` page and see if there are issues there.

It says everything is normal.

![Image](https://github.com/user-attachments/assets/79cba075-e5c9-4d27-b08d-bff41af937e5)

@BlackDex commented on GitHub (May 26, 2025):

Strange.

- Which chrome version?
- Which extension version?
- Which OS/Version?

@HyperNylium commented on GitHub (May 26, 2025):

@BlackDex

> - Which chrome version?

Chrome version: 137.0.7151.41

> - Which extension version?

Extension version: v2025.5.0 (uninstalled and reinstalled for testing and still same issue)

> - Which OS/Version?

Windows 11 23H2 build num 22631.5189

EDIT: Just wanted to add that I have also tested with Windows 11 24H2 and I have the same issue.

@HyperNylium commented on GitHub (May 26, 2025):

Also wanted to add that on iOS and iPadOS it works just fine. Same DNS and proxy server, just on Apple instead of Chrome/Windows.

Copied from Bitwarden "Settings > About" page
© Bitwarden Inc. 2015–2025

Version: 2025.4.0 (2072)
📱 iPhone13,3 🍏 iOS 18.3.1 📦 Production
🧱 commit: bitwarden/ios/release/2025.04-rc8@956e05db67344c912e3a1b8cb2609165d67da1c9
💻 build source: bitwarden/ios/actions/runs/14577221141/attempts/1

@HyperNylium commented on GitHub (May 27, 2025):

Ok, something interesting. Downloaded the desktop app for Windows and it connected. Difference? The desktop app's latest version is 2025.4.x while the Chrome extension is 2025.5.x. This may be something to do with the Bitwarden extension.

Do you guys know if Bitwarden has an archive of extension packages that I can install manually through dev mode by chance?

@HyperNylium commented on GitHub (May 27, 2025):

Found out where the "archive" is (anything that starts with "Browser"): https://github.com/bitwarden/clients/releases

Went back 5 versions and was still having the issue. On the PC that I was having issues with, I launched Windows Sandbox, installed Chrome and the Bitwarden extension and everything worked fine. Passwords sync like they should. Weird part is that I am getting that CORS error on both my PC and laptop, but the VM works fine. So I guess it's something else interfering with it. Lovely Monday...

The last thing I would ask is what can cause the CORS issue? What should I be looking for/testing?

And for the proxy server side, what should I try adding into the "Advanced" box? Anything special needed/I should try out?

![Image](https://github.com/user-attachments/assets/98359ec9-8546-465e-a610-c60ace44c8a5)

@HyperNylium commented on GitHub (May 27, 2025):

Fixed it. tldr: I am an idiot.

Watched [Thiojoe's video](https://youtu.be/9nl6hO0ECgM?si=c89BShaNNmm2hvt4) on some cool Chrome flags to enable for extra security. Chose some that looked relevant to me (enabled 3 in the entire video).
The flag called `Local Network Access Checks` was the culprit... Once disabled, everything started to work again.

Thank you for the help! Hope you two have a great rest of your day :)
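The triage this thread went through can be scripted. This is an added example, not part of the original thread or of Vaultwarden's code. It parses `curl -v` output, runs the header check the maintainer asked for, and classifies the resolved address. The sample input is constructed from the output posted above (`vaultwarden.example.test` is a placeholder host), and the address-space table is an approximation of what the browser applies.

```python
import ipaddress
import re

# Approximation of the browser's address-space split (assumption: the exact
# table Chrome applies may differ; these are RFC 1918, link-local and ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "169.254.0.0/16", "fe80::/10",                     # link-local
    "fc00::/7",                                        # IPv6 unique local
)]

# Constructed sample, abridged from the curl output in the thread.
SAMPLE = """\
* Host vaultwarden.example.test:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.245.5
> GET /api/config HTTP/1.1
> Host: vaultwarden.example.test
< HTTP/1.1 200 OK
< Content-Type: application/json
< content-security-policy: default-src 'none'; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb moz-extension://* ; connect-src 'self' ;
<
"""
EXTENSION_ORIGIN = "chrome-extension://nngceckbapebfimnlniiiahkandclblb"


def address_space(ip_text):
    """Classify an IP literal as 'loopback', 'local' or 'public'."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback"
    if any(ip.version == net.version and ip in net for net in LOCAL_NETS):
        return "local"
    return "public"


def parse_curl_verbose(text):
    """Extract resolved addresses and response headers from `curl -v` output."""
    addrs, headers = [], {}
    for line in text.splitlines():
        m = re.match(r"\*\s+IPv[46]:\s+(.+)", line)
        if m:
            if m.group(1).strip() != "(none)":
                addrs += [a.strip() for a in m.group(1).split(",")]
            continue
        # Response header lines start with "< name: value"; the status line
        # ("< HTTP/1.1 200 OK") has no "name:" prefix and is skipped.
        m = re.match(r"<\s+([A-Za-z0-9-]+):\s*(.*)", line)
        if m:
            headers[m.group(1).lower()] = m.group(2).strip()
    return addrs, headers


def csp_sources(csp, directive):
    """Return the source list of one CSP directive (empty list if absent)."""
    for part in csp.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == directive:
            return tokens[1:]
    return []


def triage(curl_output, extension_origin):
    """Combine the server-side header check with the address-space check."""
    addrs, headers = parse_curl_verbose(curl_output)
    spaces = {a: address_space(a) for a in addrs}
    ancestors = csp_sources(headers.get("content-security-policy", ""),
                            "frame-ancestors")
    header_ok = extension_origin in ancestors
    non_public = any(s != "public" for s in spaces.values())
    return {
        "address_spaces": spaces,
        "extension_in_frame_ancestors": header_ok,
        "targets_non_public_address": non_public,
        # Server headers pass and the host resolves to a non-public address:
        # the remaining suspect is a client-side local network access policy.
        "check_browser_local_network_policy": header_ok and non_public,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE, EXTENSION_ORIGIN).items():
        print(f"{key}: {value}")
```
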