mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-26 01:35:54 +03:00
[GH-ISSUE #5887] Access to fetch at [domain] from origin [chrome extention id] has been blocked by CORS #2276
Labels
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/vaultwarden#2276
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @HyperNylium on GitHub (May 26, 2025).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/5887
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config & Details (Generated via diagnostics page)
Show Config & Details
Config:
Vaultwarden Build Version
1.33.2
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
Nginx Proxy Manager
Host/Server Operating System
Linux
Operating System Version
Ubuntu 24.04 LTS
Clients
Browser Extension
Client Version
v2025.5.0
Steps To Reproduce
Where i got the CORS error log (keep this window open for the next step):
Now do the normal login:
Expected Result
Passwords to show up.
Actual Result
No passwords show up. Spinning wheel instead.
Logs
Screenshots or Videos
Log itself:
Spinning wheel:
Additional Context
Im not sure if this is a "its only happening to you" issue. Have tried both my PC (where the issue first caught my attention) and my laptop, which both were broken. My laptop hasn't been turned on for a week or so and this was working a week ago (i think...). On my laptop, the passwords were still showing but syncing the vault was failing.
Extention version: v2025.5.0 (uninstalled and reinstalled for testing and still same issue)
Chrome version: 137.0.7151.41
The full error:
Heres my docker compose file if needed:
If this does become a "its only happening to you" issue, i ask that someone point me in the right direction. Typing my passwords manually SUCKS :(
@dani-garcia commented on GitHub (May 26, 2025):
Is this a new installation or did it use to work and it broke recently?
Can you check if the requests have the correct CORS headers set? The proxy should be passing them through.
You can run
curl -v https://vaultwarden.[yourdomain].com/api/config. You should see aContent-Security-Policyheader that contains something likeframe-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb@BlackDex commented on GitHub (May 26, 2025):
Also try to check the
/admin/diagnosticspage and see if there are issues there.@HyperNylium commented on GitHub (May 26, 2025):
@dani-garcia
Was working until today at 5:43 AM. That was the last time the vault synced successfully.
Heres the output to that:
@HyperNylium commented on GitHub (May 26, 2025):
@BlackDex
It says everything is normal.
@BlackDex commented on GitHub (May 26, 2025):
Strange.
@HyperNylium commented on GitHub (May 26, 2025):
@BlackDex
Chrome version: 137.0.7151.41
Extention version: v2025.5.0 (uninstalled and reinstalled for testing and still same issue)
Windows 11 23H2 builld num 22631.5189
EDIT: Just wanted to add that i have also tested with Windows 11 24H2 and i have the same issue.
@HyperNylium commented on GitHub (May 26, 2025):
Also wanted to add that on IOS and ipadOS works just fine. Same DNS and proxy server, just on apple instead of chrome/windows
Copied from Bitwarden "Settings > About" page
© Bitwarden Inc. 2015–2025
Version: 2025.4.0 (2072)
📱 iPhone13,3 🍏 iOS 18.3.1 📦 Production
🧱 commit: bitwarden/ios/release/2025.04-rc8@956e05db67344c912e3a1b8cb2609165d67da1c9
💻 build source: bitwarden/ios/actions/runs/14577221141/attempts/1
@HyperNylium commented on GitHub (May 27, 2025):
Ok, something interesting. Downloaded the desktop app for Windows and it connected. Difference? The desktop apps latest version is 2025.4.x while the chrome extention is 2025.5.x. This may be something to do with the Bitwarden extention.
Do you guys know if Bitwarden has an archive of extention packages that i can install manually through dev mode by chance?
@HyperNylium commented on GitHub (May 27, 2025):
Found out where the "archive" is (anything that starts with "Browser"): https://github.com/bitwarden/clients/releases
Went back 5 versions and was still having the issue. On the PC that i was having issues, i lanched Windows Sandbox, installed chrome and Bitwarden extention and everything worked fine. Passwords sync like they should. Weird part is that i am getting that CORS error on both my PC and laptop, but the VM works fine. So i guess its something else interfering with it. Lovely Monday...
The last thing i would ask is what can cause the CORS issue? What should i be looking for/testing?
And for the proxy server side, what should i try adding into the "Advanced" box? Anything special needed/i should try out?
@HyperNylium commented on GitHub (May 27, 2025):
Fixed it. tldr: I am an idiot.
Watched Thiojoe's video on some cool chrome flags to enable for extra security. Chose some that looked relevant to me (enabled 3 in the entire video).
The flag called
Local Network Access Checkswas the culprit... Once disabled, everything started to work again.Thank you for the help! Hope you two have a great rest of your day :)