starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-02-05 00:29:40 +03:00
Code Issues 32 Packages Projects Releases 10 Wiki Activity

Access to fetch at 'https://2fa.directory/api/v3/totp.json' has been blocked by CORS policy #1457

New Issue
Closed
opened 2026-02-05 00:59:40 +03:00 by OVERLORD · 4 comments
OVERLORD commented 2026-02-05 00:59:40 +03:00
Owner
Copy Link

Originally created by @ob-tk on GitHub (Dec 29, 2022).

Subject of the issue

After update to 1.27.0 [Latest] the ability to check for enabled 2FA is broken.

In the Chrome browser console, the following information:
"Access to fetch at 'https://2fa.directory/api/v3/totp.json' from origin 'https://my.doma.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

In the Web Vault always "good news".

image

Deployment environment

  • vaultwarden version: 1.27.0 [Latest]

  • Install method: Docker image (vaultwarden/server:latest)

  • Clients used: web wault (Chrome/Firefox/Opera browsers)

  • Reverse proxy and version: nginx/1.23.2

  • MySQL/MariaDB or PostgreSQL version: sqlite3

  • Other relevant details:

Steps to reproduce

Expected behaviour

Actual behaviour

Troubleshooting data

Originally created by @ob-tk on GitHub (Dec 29, 2022). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> After update to **1.27.0 [Latest]** the ability to check for enabled 2FA is broken. In the Chrome browser console, the following information: "Access to fetch at 'https://2fa.directory/api/v3/totp.json' from origin 'https://my.doma.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled." In the Web Vault always "**good news**". ![image](https://user-images.githubusercontent.com/17561825/209979702-e38be947-d063-4408-9e4c-bd264b9fafe4.png) ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: **1.27.0 [Latest]** <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: **Docker image** (vaultwarden/server:latest) * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> **web wault** (Chrome/Firefox/Opera browsers) * Reverse proxy and version: <!-- if applicable --> **nginx**/1.23.2 * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> **sqlite3** * Other relevant details: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> ### Expected behaviour <!-- Tell us what you expected to happen --> ### Actual behaviour <!-- Tell us what actually happened --> ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data -->
OVERLORD added the future VaultThird party labels 2026-02-05 00:59:40 +03:00
OVERLORD commented 2026-02-05 00:59:56 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Dec 29, 2022):

Looks like 2fa.directory made some changes, and this also breaks on Bitwarden Self-Hosted environments.
That said, it's not something we can fix in this repo.

@BlackDex commented on GitHub (Dec 29, 2022): Looks like 2fa.directory made some changes, and this also breaks on Bitwarden Self-Hosted environments. That said, it's not something we can fix in this repo.
OVERLORD commented 2026-02-05 00:59:57 +03:00
Author
Owner
Copy Link

@ob-tk commented on GitHub (Dec 29, 2022):

Exactly.
Changed url from https://2fa.directory/api/v3/totp.json to https://api.2fa.directory/v3/totp.json
Waiting for changes from Bitwarden.

@ob-tk commented on GitHub (Dec 29, 2022): Exactly. Changed url from https://2fa.directory/api/v3/totp.json to https://api.2fa.directory/v3/totp.json Waiting for changes from Bitwarden.
OVERLORD commented 2026-02-05 00:59:59 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Dec 29, 2022):

I have created my first PR for Bitwarden:

Lets wait and see :).

@BlackDex commented on GitHub (Dec 29, 2022): I have created my first PR for Bitwarden: - https://github.com/bitwarden/clients/pull/4345 - https://github.com/bitwarden/server/pull/2523 Lets wait and see :).
OVERLORD commented 2026-02-05 01:00:02 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Dec 29, 2022):

Ill leave it open for now until they have fixed it and we have updated the web-vault version to a fixed version.
In theory we could fix this our self via patches, but i rather wait for Bitwarden to release a new vault version.

@BlackDex commented on GitHub (Dec 29, 2022): Ill leave it open for now until they have fixed it and we have updated the web-vault version to a fixed version. In theory we could fix this our self via patches, but i rather wait for Bitwarden to release a new vault version.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
troubleshooting
wontfix
No Label Third party future Vault
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#1457
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?