[GH-ISSUE #6856] Error enabling “Apply organization data ownership” policy — API 404 + JS TypeError #2555

New issue

Closed

opened 2026-03-03 02:19:24 +03:00 by kerem · 3 comments

kerem commented 2026-03-03 02:19:24 +03:00

Owner

Copy link

Originally created by @allanfrizzo on GitHub (Feb 21, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/6856

Prerequisites

• I have searched the existing Closed AND Open Issues AND Discussions
• I have searched and read the documentation

Vaultwarden Support String

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.35.3
• Web-vault version: v2026.1.1
• OS/Arch: linux/x86_64
• Running within a container: true (Base: Debian)
• Database type: PostgreSQL
• Database version: PostgreSQL 16.11 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 11.5.0 20240719 (Red Hat 11.5.0-11), 64-bit
• Uses config.json: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• TZ environment: America/Sao_Paulo
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Websocket Check: true
• HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ORG_CREATION_USERS, INVITATIONS_ALLOWED, ADMIN_TOKEN, SSO_ENABLED, SSO_ONLY, SSO_SIGNUPS_MATCH_EMAIL, SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION, SSO_CLIENT_ID, SSO_CLIENT_SECRET, SSO_AUTHORITY, SSO_SCOPES, SSO_PKCE, SSO_DEBUG_TOKENS, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_idle_timeout": 600,
  "database_max_conns": 10,
  "database_min_conns": 2,
  "database_timeout": 30,
  "database_url": "**********://*****************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "dns_prefer_ipv6": false,
  "domain": "*****://************************",
  "domain_origin": "*****://************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": false,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Hofund Eaí",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "****************,************************",
  "org_events_enabled": true,
  "org_groups_enabled": true,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "purge_incomplete_sso_auth": "0 20 0 * * *",
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "**********",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*******************",
  "smtp_from_name": "**********",
  "smtp_host": "****************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "**********************",
  "sso_allow_unknown_email_verification": true,
  "sso_audience_trusted": null,
  "sso_auth_only_not_session": false,
  "sso_authority": "*****://*******************************************************************",
  "sso_authorize_extra_params": "",
  "sso_callback_path": "*****://*****************************************************",
  "sso_client_cache_expiration": 0,
  "sso_client_id": "************************************",
  "sso_client_secret": "***",
  "sso_debug_tokens": false,
  "sso_enabled": true,
  "sso_master_password_policy": null,
  "sso_only": true,
  "sso_pkce": true,
  "sso_scopes": "openid profile email offline_access",
  "sso_signups_match_email": true,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 180,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

1.35.3

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Caddy 2.1

Host/Server Operating System

Linux

Operating System Version

RockyLinux 9.7

Clients

Web Vault

Client Version

No response

Steps To Reproduce

Environment (Diagnostics)
• Vaultwarden version: v1.35.3
• Web-vault version: v2026.1.1
• OS/Arch: linux/x86_64
• Container: Yes (Debian base)
• Database: PostgreSQL 16.11
• Uses config.json: Yes
• Reverse proxy: Yes
• IP header check: Enabled (X-Real-IP)
• Internet access: Yes
• DNS check: OK
• Timezone: America/Sao_Paulo
• Browser/Server time sync: OK
• NTP sync: OK
• Domain config: OK
• HTTPS: OK
• Websocket: OK
• HTTP response checks: OK

⸻

Description

When attempting to enable the policy “Apply organization data ownership”, the operation fails and the policy is not saved. The UI reports an error and browser console logs show both an API failure and a frontend exception.

⸻

Steps to Reproduce
1. Log in as organization admin
2. Go to Organization → Policies
3. Enable Apply organization data ownership
4. Click Save

⸻

Expected Behavior

Policy should be saved successfully and applied.

⸻

Actual Behavior

Policy save fails and is not applied.

⸻

Console Errors

PUT /api/organizations/{orgId}/policies/5/vnext 404 (Not Found)

Async submit exception:
TypeError: Cannot read properties of undefined (reading 'split')

bootstrap-autofill-overlay.js:
Uncaught (in promise) Error: Extension context invalidated

⸻

Observations
• API returns 404 for endpoint /policies/5/vnext
• Frontend appears to expect a response body but receives undefined
• The error strongly suggests a frontend/server API version mismatch
• Extension overlay error may be unrelated but included for completeness

⸻

Suspected Cause

Web vault version (v2026.1.1) appears to call a newer API route not implemented in Vaultwarden v1.35.3.

⸻

Impact

Unable to enable organization data ownership policy, blocking enforcement of organization-level data ownership and governance controls.

⸻

Workarounds Attempted
• Different browsers
• Incognito mode
• Disabled extensions
• Same result

⸻

Additional Notes

I can provide API traces or server logs if needed for debugging.

Expected Result

.

Actual Result

.

Logs

Screenshots or Videos

No response

Additional Context

No response

Originally created by @allanfrizzo on GitHub (Feb 21, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/6856 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.35.3 * Web-vault version: v2026.1.1 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: PostgreSQL * Database version: PostgreSQL 16.11 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 11.5.0 20240719 (Red Hat 11.5.0-11), 64-bit * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * TZ environment: America/Sao_Paulo * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ORG_CREATION_USERS, INVITATIONS_ALLOWED, ADMIN_TOKEN, SSO_ENABLED, SSO_ONLY, SSO_SIGNUPS_MATCH_EMAIL, SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION, SSO_CLIENT_ID, SSO_CLIENT_SECRET, SSO_AUTHORITY, SSO_SCOPES, SSO_PKCE, SSO_DEBUG_TOKENS, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_idle_timeout": 600, "database_max_conns": 10, "database_min_conns": 2, "database_timeout": 30, "database_url": "**********://*****************************************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "dns_prefer_ipv6": false, "domain": "*****://************************", "domain_origin": "*****://************************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": false, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Hofund Eaí", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "debug", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "****************,************************", "org_events_enabled": true, "org_groups_enabled": true, "password_hints_allowed": true, "password_iterations": 600000, "purge_incomplete_sso_auth": "0 20 0 * * *", "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "**********", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*******************", "smtp_from_name": "**********", "smtp_host": "****************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "**********************", "sso_allow_unknown_email_verification": true, "sso_audience_trusted": null, "sso_auth_only_not_session": false, "sso_authority": "*****://*******************************************************************", "sso_authorize_extra_params": "", "sso_callback_path": "*****://*****************************************************", "sso_client_cache_expiration": 0, "sso_client_id": "************************************", "sso_client_secret": "***", "sso_debug_tokens": false, "sso_enabled": true, "sso_master_password_policy": null, "sso_only": true, "sso_pkce": true, "sso_scopes": "openid profile email offline_access", "sso_signups_match_email": true, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": 180, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version 1.35.3 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy Caddy 2.1 ### Host/Server Operating System Linux ### Operating System Version RockyLinux 9.7 ### Clients Web Vault ### Client Version _No response_ ### Steps To Reproduce Environment (Diagnostics) • Vaultwarden version: v1.35.3 • Web-vault version: v2026.1.1 • OS/Arch: linux/x86_64 • Container: Yes (Debian base) • Database: PostgreSQL 16.11 • Uses config.json: Yes • Reverse proxy: Yes • IP header check: Enabled (X-Real-IP) • Internet access: Yes • DNS check: OK • Timezone: America/Sao_Paulo • Browser/Server time sync: OK • NTP sync: OK • Domain config: OK • HTTPS: OK • Websocket: OK • HTTP response checks: OK ⸻ Description When attempting to enable the policy “Apply organization data ownership”, the operation fails and the policy is not saved. The UI reports an error and browser console logs show both an API failure and a frontend exception. ⸻ Steps to Reproduce 1. Log in as organization admin 2. Go to Organization → Policies 3. Enable Apply organization data ownership 4. Click Save ⸻ Expected Behavior Policy should be saved successfully and applied. ⸻ Actual Behavior Policy save fails and is not applied. ⸻ Console Errors PUT /api/organizations/{orgId}/policies/5/vnext 404 (Not Found) Async submit exception: TypeError: Cannot read properties of undefined (reading 'split') bootstrap-autofill-overlay.js: Uncaught (in promise) Error: Extension context invalidated ⸻ Observations • API returns 404 for endpoint /policies/5/vnext • Frontend appears to expect a response body but receives undefined • The error strongly suggests a frontend/server API version mismatch • Extension overlay error may be unrelated but included for completeness ⸻ Suspected Cause Web vault version (v2026.1.1) appears to call a newer API route not implemented in Vaultwarden v1.35.3. ⸻ Impact Unable to enable organization data ownership policy, blocking enforcement of organization-level data ownership and governance controls. ⸻ Workarounds Attempted • Different browsers • Incognito mode • Disabled extensions • Same result ⸻ Additional Notes I can provide API traces or server logs if needed for debugging. ### Expected Result . ### Actual Result . ### Logs ```text ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_

kerem 2026-03-03 02:19:24 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-03 02:19:25 +03:00

Author

Owner

Copy link

@stepech commented on GitHub (Feb 22, 2026):

Can confirm, worked around this issue by opening developer tools and editing the request (Right clicking the 404 request and chooding "edit and resend") so that it went to address without /vnext and modified request data to be only {"enabled":true,"data":null}.

<!-- gh-comment-id:3941602931 --> @stepech commented on GitHub (Feb 22, 2026): Can confirm, worked around this issue by opening developer tools and editing the request (Right clicking the 404 request and chooding "edit and resend") so that it went to address without `/vnext` and modified request data to be only `{"enabled":true,"data":null}`.

kerem commented 2026-03-03 02:19:25 +03:00

Author

Owner

Copy link

@gabrielmajosi commented on GitHub (Feb 22, 2026):

Can confirm, worked around this issue by opening developer tools and editing the request (Right clicking the 404 request and chooding "edit and resend") so that it went to address without /vnext and modified request data to be only {"enabled":true,"data":null}.

Confirmed this works as a band-aid fix, the frontend/backend is mismatched with the expected input/out likely

<!-- gh-comment-id:3941907567 --> @gabrielmajosi commented on GitHub (Feb 22, 2026): > Can confirm, worked around this issue by opening developer tools and editing the request (Right clicking the 404 request and chooding "edit and resend") so that it went to address without `/vnext` and modified request data to be only `{"enabled":true,"data":null}`. Confirmed this works as a band-aid fix, the frontend/backend is mismatched with the expected input/out likely

kerem commented 2026-03-03 02:19:25 +03:00

Author

Owner

Copy link

@allanfrizzo commented on GitHub (Feb 23, 2026):

How can I verify whether this policy has been applied?

<!-- gh-comment-id:3946591943 --> @allanfrizzo commented on GitHub (Feb 23, 2026): How can I verify whether this policy has been applied?

kerem referenced this issue 2026-03-03 09:25:53 +03:00

[PR #2555] [MERGED] Sync global_domains.json #3108

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#2555

No description provided.