bw send -f /tmp/file.png not working #890

New Issue

Closed

opened 2025-10-09 16:55:58 +03:00 by OVERLORD · 6 comments

OVERLORD commented 2025-10-09 16:55:58 +03:00

Owner

Copy Link

Originally created by @adamshand on GitHub.

I believe I have the latest version of bw and Vaultwarden installed.

❯ de vaultwarden /vaultwarden --version
vaultwarden 1.27.0

❯ bw --version
2023.2.0

I can use the bw send feature successfully if I don't attach a file:

❯ bw send "hello, test send from command line"
? Master password: [hidden]
{"object":"send","id":"d89eaab9-73cb-4232-9770-c14425522d14","accessId":"2J6quXPLQjKXcMFEJVItFA","accessUrl":"https://xxx.com/#/send/2J6quXPLQjKXcMFEJVItFA/Cwuudi4r1x9qSxXPu_S7oA","name":"77c0f8b0-7d5c-48f0-a42d-393ebb675e93","notes":null,"key":"Cwuudi4r1x9qSxXPu/S7oA==","type":0,"maxAccessCount":null,"accessCount":0,"revisionDate":"2023-03-08T23:27:06.808Z","deletionDate":"2023-03-15T23:26:59.982Z","expirationDate":null,"passwordSet":false,"disabled":false,"hideEmail":false,"text":{"text":"hello, test send from command line","hidden":false}}

Subject of the issue

Following the instructions on Bitwarden's website I tried to create a send with an attached file.

❯ bw send -f /tmp/xkcd_wrong.png
? Master password: [hidden]
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>400 Bad Request</title>
</head>
<body align="center">
    <div role="main" align="center">
        <h1>400: Bad Request</h1>
        <p>The request could not be understood by the server due to malformed syntax.</p>
        <hr />
    </div>
    <div role="contentinfo" align="center">
        <small>Rocket</small>
    </div>
</body>
</html>

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.27.0
• Web-vault version: v2022.12.0
• Running within Docker: true (Base: Debian)
• Environment settings overridden: true
• Uses a reverse proxy: true
• IP Header check: false (X-Forwarded-For)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: false
• HTTPS Check: false
• Database type: SQLite
• Database version: 3.39.2
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "****://***********",
  "domain_origin": "****://***********",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": "*************",
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "XXXX",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "**************,**************",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "*********,*********,****************",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*************************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**********************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "****************************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Originally created by @adamshand on GitHub. I believe I have the latest version of bw and Vaultwarden installed. ``` ❯ de vaultwarden /vaultwarden --version vaultwarden 1.27.0 ❯ bw --version 2023.2.0 ``` I can use the `bw send` feature successfully if I don't attach a file: ``` ❯ bw send "hello, test send from command line" ? Master password: [hidden] {"object":"send","id":"d89eaab9-73cb-4232-9770-c14425522d14","accessId":"2J6quXPLQjKXcMFEJVItFA","accessUrl":"https://xxx.com/#/send/2J6quXPLQjKXcMFEJVItFA/Cwuudi4r1x9qSxXPu_S7oA","name":"77c0f8b0-7d5c-48f0-a42d-393ebb675e93","notes":null,"key":"Cwuudi4r1x9qSxXPu/S7oA==","type":0,"maxAccessCount":null,"accessCount":0,"revisionDate":"2023-03-08T23:27:06.808Z","deletionDate":"2023-03-15T23:26:59.982Z","expirationDate":null,"passwordSet":false,"disabled":false,"hideEmail":false,"text":{"text":"hello, test send from command line","hidden":false}} ``` ### Subject of the issue Following the instructions on Bitwarden's website I tried to create a send with an attached file. ``` ❯ bw send -f /tmp/xkcd_wrong.png ? Master password: [hidden] <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>400 Bad Request</title> </head> <body align="center"> <div role="main" align="center"> <h1>400: Bad Request</h1> <p>The request could not be understood by the server due to malformed syntax.</p> <hr /> </div> <div role="contentinfo" align="center"> <small>Rocket</small> </div> </body> </html> ``` ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.27.0 * Web-vault version: v2022.12.0 * Running within Docker: true (Base: Debian) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: false (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: false * HTTPS Check: false * Database type: SQLite * Database version: 3.39.2 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ADMIN_TOKEN ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "****://***********", "domain_origin": "****://***********", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "extended_logging": true, "helo_name": "*************", "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "XXXX", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "**************,**************", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "*********,*********,****************", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*************************", "smtp_from_name": "Vaultwarden", "smtp_host": "**********************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "****************************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details>

OVERLORD added the troubleshooting label 2025-10-09 16:55:58 +03:00

OVERLORD closed this issue 2025-10-09 16:55:59 +03:00

OVERLORD commented 2025-10-09 16:56:00 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub:

It seems to work just fine for me.
Could you enable LOG_LEVEL=debug and check what the logs report during the send?

@BlackDex commented on GitHub: It seems to work just fine for me. Could you enable `LOG_LEVEL=debug` and check what the logs report during the send?

OVERLORD commented 2025-10-09 16:56:01 +03:00

Author

Owner

Copy Link

@adamshand commented on GitHub:

I've just checked and I can create a file based Send using the Firefox extension.

@adamshand commented on GitHub: I've just checked and I can create a file based Send using the Firefox extension.

OVERLORD commented 2025-10-09 16:56:01 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub:

How did you installed the client? Which OS are you using? And, what happens when you download the cli from the Bitwarden repo?

Looks like there is something either wrong with the client, or the reverse proxy is doing something strange.

@BlackDex commented on GitHub: How did you installed the client? Which OS are you using? And, what happens when you download the cli from the Bitwarden repo? Looks like there is something either wrong with the client, or the reverse proxy is doing something strange.

OVERLORD commented 2025-10-09 16:56:02 +03:00

Author

Owner

Copy Link

@adamshand commented on GitHub:

Same thing on client side, in the Docker logs I get:

vaultwarden    | [2023-03-10 04:26:23.568][request][INFO] POST /api/sends/file/v2
vaultwarden    | [2023-03-10 04:26:23.569][response][INFO] (post_send_file_v2) POST /api/sends/file/v2 => 200 OK
vaultwarden    | [2023-03-10 04:26:23.814][request][INFO] POST /api/sends/cde9b820-e958-4efa-97a8-c67aa9a51819/file/bb8ba808f7841223309c5b3ec9a027dac6308457fa698b0be08b2934b64bb4dc
vaultwarden    | [2023-03-10 04:26:23.828][_][WARN] Data guard `Form < UploadDataV2 < '_ > >` failed: Errors([Error { name: Some("data"), value: None, kind: Io(Custom { kind: Other, error: field "data" received with incomplete data }), entity: Form }]).
vaultwarden    | [2023-03-10 04:26:23.828][_][WARN] No 400 catcher registered. Using Rocket default.
vaultwarden    | [2023-03-10 04:26:23.828][response][INFO] (post_send_file_v2_data) POST /api/sends/<send_uuid>/file/<file_id> multipart/form-data => 400 Bad Request
vaultwarden    | [2023-03-10 04:26:23.985][request][INFO] DELETE /api/sends/cde9b820-e958-4efa-97a8-c67aa9a51819
vaultwarden    | [2023-03-10 04:26:23.986][response][INFO] (delete_send) DELETE /api/sends/<id> => 200 OK

@adamshand commented on GitHub: Same thing on client side, in the Docker logs I get: ``` vaultwarden | [2023-03-10 04:26:23.568][request][INFO] POST /api/sends/file/v2 vaultwarden | [2023-03-10 04:26:23.569][response][INFO] (post_send_file_v2) POST /api/sends/file/v2 => 200 OK vaultwarden | [2023-03-10 04:26:23.814][request][INFO] POST /api/sends/cde9b820-e958-4efa-97a8-c67aa9a51819/file/bb8ba808f7841223309c5b3ec9a027dac6308457fa698b0be08b2934b64bb4dc vaultwarden | [2023-03-10 04:26:23.828][_][WARN] Data guard `Form < UploadDataV2 < '_ > >` failed: Errors([Error { name: Some("data"), value: None, kind: Io(Custom { kind: Other, error: field "data" received with incomplete data }), entity: Form }]). vaultwarden | [2023-03-10 04:26:23.828][_][WARN] No 400 catcher registered. Using Rocket default. vaultwarden | [2023-03-10 04:26:23.828][response][INFO] (post_send_file_v2_data) POST /api/sends/<send_uuid>/file/<file_id> multipart/form-data => 400 Bad Request vaultwarden | [2023-03-10 04:26:23.985][request][INFO] DELETE /api/sends/cde9b820-e958-4efa-97a8-c67aa9a51819 vaultwarden | [2023-03-10 04:26:23.986][response][INFO] (delete_send) DELETE /api/sends/<id> => 200 OK ```

OVERLORD commented 2025-10-09 16:56:03 +03:00

Author

Owner

Copy Link

@adamshand commented on GitHub:

It's something about the Homebrew installation of bitwarden-cli. I've downloaded bw direct from bitwarden.com and it's working fine.

It appears that Homebrew runs bw through some kind of wrapper.

Sorry for the noise, and thanks for the help!

❯ /opt/homebrew/bin/bw --version
2023.2.0

❯ ~/bin/darwin/bw --version
2023.2.0

❯ file /opt/homebrew/bin/bw
/opt/homebrew/bin/bw: a /usr/bin/env node script text executable, ASCII text, with very long lines (2096), with CRLF, LF line terminators

❯ file ~/bin/darwin/bw
/Users/adam/bin/darwin/bw: Mach-O 64-bit executable x86_64

@adamshand commented on GitHub: It's something about the Homebrew installation of `bitwarden-cli`. I've downloaded `bw` direct from `bitwarden.com` and it's working fine. It appears that Homebrew runs `bw` through some kind of wrapper. Sorry for the noise, and thanks for the help! ``` ❯ /opt/homebrew/bin/bw --version 2023.2.0 ❯ ~/bin/darwin/bw --version 2023.2.0 ❯ file /opt/homebrew/bin/bw /opt/homebrew/bin/bw: a /usr/bin/env node script text executable, ASCII text, with very long lines (2096), with CRLF, LF line terminators ❯ file ~/bin/darwin/bw /Users/adam/bin/darwin/bw: Mach-O 64-bit executable x86_64 ```

OVERLORD commented 2025-10-09 16:56:04 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub:

@adamshand i think homebrew has the same issue as Arch Linux. They probably used a newer version of node/npm.
That causes several issues with the complied file.

@BlackDex commented on GitHub: @adamshand i think homebrew has the same issue as Arch Linux. They probably used a newer version of node/npm. That causes several issues with the complied file.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label troubleshooting

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#890