starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-02-05 00:29:40 +03:00
Code Issues 32 Packages Projects Releases 10 Wiki Activity

Import CSV from browser #1553

New Issue
Closed
opened 2026-02-05 01:13:25 +03:00 by OVERLORD · 3 comments
OVERLORD commented 2026-02-05 01:13:25 +03:00
Owner
Copy Link

Originally created by @petercrowley on GitHub (Apr 1, 2023).

Subject of the issue

I am getting an error importing browser CSV files

Deployment environment

Your environment (Generated via diagnostics page)

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.28.0
  • Web-vault version: v2023.3.0b
  • OS/Arch: linux/x86_64
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: false
  • Server/NTP Time Check: false
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.39.2
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*******************",
  "domain_origin": "*****://*******************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "warn",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*******************************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "********",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

  • Install method: docker compose

  • Clients used: iOS, webVault, Firefox, Chrome, Windows

  • Reverse proxy and version: Traefik latest (2023/03/21 20:20:13)

  • MySQL/MariaDB or PostgreSQL version: SQLlite

  • Other relevant details:

Steps to reproduce

I used both Firefox and Chrome and had the same error on both. I exported my browser passwords as a CSV, then went to the webVault => Tools => Import Data, chose the correct format and file ( I also tried copy/paste the contents to same error) and pressed Import Data button.

Expected behaviour

I expected my CSV to be imported

Actual behaviour

Import error
There was a problem with the data you tried to import. Please resolve the errors listed below in your source file and try again.

<html><head> </head>

Bad Request

Your browser sent a request that this server could not understand.

</html>

Troubleshooting data

image
image
image
image

Originally created by @petercrowley on GitHub (Apr 1, 2023). ### Subject of the issue I am getting an error importing browser CSV files ### Deployment environment ### Your environment (Generated via diagnostics page) ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.28.0 * Web-vault version: v2023.3.0b * OS/Arch: linux/x86_64 * Running within Docker: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: false * Server/NTP Time Check: false * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.39.2 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*******************", "domain_origin": "*****://*******************", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/data/vaultwarden.log", "log_level": "warn", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*******************************", "smtp_from_name": "Vaultwarden", "smtp_host": "****************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "********", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> * Install method: docker compose * Clients used: iOS, webVault, Firefox, Chrome, Windows * Reverse proxy and version: Traefik latest (2023/03/21 20:20:13) * MySQL/MariaDB or PostgreSQL version: SQLlite * Other relevant details: ### Steps to reproduce I used both Firefox and Chrome and had the same error on both. I exported my browser passwords as a CSV, then went to the webVault => Tools => Import Data, chose the correct format and file ( I also tried copy/paste the contents to same error) and pressed Import Data button. ### Expected behaviour I expected my CSV to be imported ### Actual behaviour Import error There was a problem with the data you tried to import. Please resolve the errors listed below in your source file and try again. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> </body></html> ### Troubleshooting data ![image](https://user-images.githubusercontent.com/6749031/229311615-fefe7862-78c2-4f55-8112-be14254a51a9.png) ![image](https://user-images.githubusercontent.com/6749031/229311636-349a0205-d310-45ee-9542-7f2beb0d9faf.png) ![image](https://user-images.githubusercontent.com/6749031/229311691-1816d760-8348-4d6e-bb94-9cbdbb2b42c1.png) ![image](https://user-images.githubusercontent.com/6749031/229311711-a6c1411e-a44e-43be-adc7-27cfdf13e9bd.png)
OVERLORD commented 2026-02-05 01:13:34 +03:00
Author
Owner
Copy Link

@petercrowley commented on GitHub (Apr 1, 2023):

request was going to /api/ciphers/import

@petercrowley commented on GitHub (Apr 1, 2023): request was going to /api/ciphers/import
OVERLORD commented 2026-02-05 01:13:37 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Apr 1, 2023):

Please check the Apache HTTPd logs first. I think something is being blocked there, since that response message doesn't look like a Vaultwarden response.

@BlackDex commented on GitHub (Apr 1, 2023): Please check the Apache HTTPd logs first. I think something is being blocked there, since that response message doesn't look like a Vaultwarden response.
OVERLORD commented 2026-02-05 01:13:39 +03:00
Author
Owner
Copy Link

@petercrowley commented on GitHub (Apr 2, 2023):

That was a good suggestion.  It looks like the owasp/modsecurity-crs
container flagged the upload as a security concern.  Please close the
ticket.  Just FYI, here is the message from the security logs.

  [security2:error] ModSecurity: Access denied with code 400 (phase 2).
Match of "eq 0" against "REQBODY_ERROR" required. [file
"/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg
"Failed to parse request body."] [data "JSON parsing error: parse error:
client cancelled parse via callback return value\x0a"] [severity
"CRITICAL"]  [uri "/api/ciphers/import"]

On 4/1/2023 2:16 PM, Mathijs van Veluw wrote:

Please check the Apache HTTPd logs first. I think something is being
blocked there, since that response message doesn't look like a
Vaultwarden response.


Reply to this email directly, view it on GitHub
https://github.com/dani-garcia/vaultwarden/issues/3408#issuecomment-1493105881,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ABTPWZ4VXJZIILSEC25XQTLW7CEKFANCNFSM6AAAAAAWP2MFXQ.
You are receiving this because you authored the thread.Message ID:
@.***>

@petercrowley commented on GitHub (Apr 2, 2023): That was a good suggestion.  It looks like the owasp/modsecurity-crs container flagged the upload as a security concern.  Please close the ticket.  Just FYI, here is the message from the security logs.   [security2:error] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\\x0a"] [severity "CRITICAL"]  [uri "/api/ciphers/import"] On 4/1/2023 2:16 PM, Mathijs van Veluw wrote: > > Please check the Apache HTTPd logs first. I think something is being > blocked there, since that response message doesn't look like a > Vaultwarden response. > > — > Reply to this email directly, view it on GitHub > <https://github.com/dani-garcia/vaultwarden/issues/3408#issuecomment-1493105881>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/ABTPWZ4VXJZIILSEC25XQTLW7CEKFANCNFSM6AAAAAAWP2MFXQ>. > You are receiving this because you authored the thread.Message ID: > ***@***.***> >
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
troubleshooting
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#1553
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?