starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-02-05 00:29:40 +03:00
Code Issues 32 Packages Projects Releases 10 Wiki Activity

Browser extensions stopped working #1226

New Issue
Closed
opened 2026-02-05 00:20:11 +03:00 by OVERLORD · 5 comments
OVERLORD commented 2026-02-05 00:20:11 +03:00
Owner
Copy Link

Originally created by @dmirtillo on GitHub (Mar 1, 2022).

Subject of the issue

The browser extensions for Firefox and Google chrome suddendly stopped working. I've tried:

  • reviewing the configuration
  • updating the templates for .env file, docker compose, reverse proxy conf to no avail
  • upon further inspection it looks like the browser extensions are requesting two non-existant routes upon login, details below

Deployment environment

  • Vaultwarden version: v1.24.0
  • Web-vault version: v2.25.1
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: MySQL
  • Database version: 10.5.13-MariaDB-log
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, YUBICO_SERVER, SMTP_HOST, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD, SMTP_TIMEOUT

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 5,
  "database_url": "*****://*********:*************!@*******:****/*********",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://********.***/**/",
  "domain_origin": "*****://********.***",
  "domain_path": "/**",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "*****",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/path/to/log",
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "********@********.**",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "********@********.**",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": "64777",
  "yubico_secret_key": "***",
  "yubico_server": "http://*****.org/bw/wsapi/2.0/verify"
}

Steps to reproduce

Logging in through the browser extensions, after configuring the on-premise Server URL in the extension settings

Expected behaviour

I'm supposed to log in. This works as expected through the Mac OS app and the web-vault

Actual behaviour

The browser extension says there is an unexpected error.
The vaultwarden docker logs show the info below

Troubleshooting data

vaultwarden | POST /bw/accounts/prelogin application/json; charset=utf-8:
vaultwarden | => Error: No matching routes for POST /bw/accounts/prelogin application/json; charset=utf-8.
vaultwarden | => Warning: Responding with 404 Not Found catcher.
vaultwarden | => Response succeeded.
vaultwarden | POST /bw/connect/token application/x-www-form-urlencoded; charset=utf-8:
vaultwarden | => Error: No matching routes for POST /bw/connect/token application/x-www-form-urlencoded; charset=utf-8.
vaultwarden | => Warning: Responding with 404 Not Found catcher.
vaultwarden | => Response succeeded.

Originally created by @dmirtillo on GitHub (Mar 1, 2022). ### Subject of the issue The browser extensions for Firefox and Google chrome suddendly stopped working. I've tried: - reviewing the configuration - updating the templates for .env file, docker compose, reverse proxy conf to no avail - upon further inspection it looks like the browser extensions are requesting two non-existant routes upon login, details below ### Deployment environment * Vaultwarden version: v1.24.0 * Web-vault version: v2.25.1 * Running within Docker: true (Base: Debian) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: MySQL * Database version: 10.5.13-MariaDB-log * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, YUBICO_SERVER, SMTP_HOST, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD, SMTP_TIMEOUT ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 5, "database_url": "*****://*********:*************!@*******:****/*********", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://********.***/**/", "domain_origin": "*****://********.***", "domain_path": "/**", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 5 * * * *", "emergency_request_timeout_schedule": "0 5 * * * *", "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_org_name": "*****", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/path/to/log", "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "********@********.**", "smtp_from_name": "Vaultwarden", "smtp_host": "****.*****.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "********@********.**", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": "64777", "yubico_secret_key": "***", "yubico_server": "http://*****.org/bw/wsapi/2.0/verify" } ``` </details> * Install method: Docker * Clients used: browser extension (firefox, chrome), web vault, Mac OS App * Reverse proxy and version: nginx, swag from linuxserver.io => https://github.com/linuxserver/reverse-proxy-confs/blob/master/vaultwarden.subfolder.conf.sample * MySQL/MariaDB or PostgreSQL version: MariaDB * Other relevant details: ### Steps to reproduce Logging in through the browser extensions, after configuring the on-premise Server URL in the extension settings ### Expected behaviour I'm supposed to log in. This works as expected through the Mac OS app and the web-vault ### Actual behaviour The browser extension says there is an unexpected error. The vaultwarden docker logs show the info below ### Troubleshooting data vaultwarden | POST /bw/accounts/prelogin application/json; charset=utf-8: vaultwarden | => Error: No matching routes for POST /bw/accounts/prelogin application/json; charset=utf-8. vaultwarden | => Warning: Responding with 404 Not Found catcher. vaultwarden | => Response succeeded. vaultwarden | POST /bw/connect/token application/x-www-form-urlencoded; charset=utf-8: vaultwarden | => Error: No matching routes for POST /bw/connect/token application/x-www-form-urlencoded; charset=utf-8. vaultwarden | => Warning: Responding with 404 Not Found catcher. vaultwarden | => Response succeeded.
OVERLORD commented 2026-02-05 00:20:16 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Mar 1, 2022):

The nginx config you provided shows /vaultwarden/ and the error shows /bw/ i guess there is a configuration issue here 😉

Besides that, it works for me on a fresh profile of Firefox and newly installed Bitwarden Extension.

@BlackDex commented on GitHub (Mar 1, 2022): The nginx config you provided shows `/vaultwarden/` and the error shows `/bw/` i guess there is a configuration issue here :wink: Besides that, it works for me on a fresh profile of Firefox and newly installed Bitwarden Extension.
OVERLORD commented 2026-02-05 00:20:18 +03:00
Author
Owner
Copy Link

@dmirtillo commented on GitHub (Mar 1, 2022):

Sorry, i shared the template and not the actual configuration, which has the correct domain_path set

Here's the reverse-proxy configuration:

## Version 2022/02/08
## Environmental Variable DOMAIN=https://<DOMAIN>/vaultwarden must be set in vaultwarden container including subfolder.
## This is using ports 80 and 3012
location /bw {
    return 301 $scheme://$host/bw/;
}

location ^~ /bw/ {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth
    #auth_request /auth;
    #error_page 401 =200 /ldaplogin;

    # enable for Authelia
    #include /config/nginx/authelia-location.conf;

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app vaultwarden;
    set $upstream_port 80;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

location ~ (/bw)?/admin {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth
    #auth_request /auth;
    #error_page 401 =200 /ldaplogin;

    # enable for Authelia
    #include /config/nginx/authelia-location.conf;

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app vaultwarden;
    set $upstream_port 80;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

location ~ (/bw)?/notifications/hub {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app vaultwarden;
    set $upstream_port 3012;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

location ~ (/bw)?/notifications/hub/negotiate {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app vaultwarden;
    set $upstream_port 80;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

}

I've tried also uninstalling the extension and reinstalling it on both browser, but still no joy.
Do you know if there's anything else I might want to try in order to connect the extensions back to the server?
They were working fine prior to the extension update that has been pushed.

Are those two paths new?
I'm talking about /bw/accounts/prelogin and /bw/connect/token

@dmirtillo commented on GitHub (Mar 1, 2022): Sorry, i shared the template and not the actual configuration, which has the correct domain_path set Here's the reverse-proxy configuration: ``` ## Version 2022/02/08 ## Environmental Variable DOMAIN=https://<DOMAIN>/vaultwarden must be set in vaultwarden container including subfolder. ## This is using ports 80 and 3012 location /bw { return 301 $scheme://$host/bw/; } location ^~ /bw/ { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /ldaplogin; # enable for Authelia #include /config/nginx/authelia-location.conf; include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ~ (/bw)?/admin { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /ldaplogin; # enable for Authelia #include /config/nginx/authelia-location.conf; include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ~ (/bw)?/notifications/hub { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; set $upstream_port 3012; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } location ~ (/bw)?/notifications/hub/negotiate { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app vaultwarden; set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; } ``` I've tried also uninstalling the extension and reinstalling it on both browser, but still no joy. Do you know if there's anything else I might want to try in order to connect the extensions back to the server? They were working fine prior to the extension update that has been pushed. Are those two paths new? I'm talking about `/bw/accounts/prelogin` and `/bw/connect/token`
OVERLORD commented 2026-02-05 00:20:23 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Mar 1, 2022):

Those are there already, and working.
So nothing has changed there.
Also, you use regex/match for location, that can have strange effects.
I suggest to take a look at my example for nginx with sub-path here: https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples (Though i might have some optimizations for that now i see it, but that should at least work).

@BlackDex commented on GitHub (Mar 1, 2022): Those are there already, and working. So nothing has changed there. Also, you use regex/match for location, that can have strange effects. I suggest to take a look at my example for nginx with sub-path here: https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples (Though i might have some optimizations for that now i see it, but that should at least work).
OVERLORD commented 2026-02-05 00:20:25 +03:00
Author
Owner
Copy Link

@dmirtillo commented on GitHub (Mar 1, 2022):

Thanks for the tips and patience! I managed to solve the issue i was having.

For anyone else stumbling upon similar issue, I solved it by only inputting the Server URL variable inside the SELF-HOSTED ENVIRONMENT section of the browser extension configuration. I cleared out any URL in the CUSTOM ENVIRONMENT section.

Seems like the other values were working in the previous browser extension version, and the CUSTOM ENVIRONMENT now causes some kind of issue.

@BlackDex you can close this issue if you don't feel the need to investigate further

@dmirtillo commented on GitHub (Mar 1, 2022): Thanks for the tips and patience! I managed to solve the issue i was having. For anyone else stumbling upon similar issue, I solved it by only inputting the `Server URL` variable inside the `SELF-HOSTED ENVIRONMENT` section of the browser extension configuration. I cleared out any URL in the `CUSTOM ENVIRONMENT` section. Seems like the other values were working in the previous browser extension version, and the `CUSTOM ENVIRONMENT` now causes some kind of issue. @BlackDex you can close this issue if you don't feel the need to investigate further
OVERLORD commented 2026-02-05 00:20:27 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Mar 1, 2022):

Ah, those extra options are indeed not needed at all 😄

@BlackDex commented on GitHub (Mar 1, 2022): Ah, those extra options are indeed not needed at all :smile:
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
troubleshooting
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#1226
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?