vaultwarden
vaultwarden copied to clipboard
dani-garcia
Access to fetch at 'https://2fa.directory/api/v3/totp.json' has been blocked by CORS policy
Subject of the issue
After update to 1.27.0 [Latest] the ability to check for enabled 2FA is broken.
In the Chrome browser console, the following information: "Access to fetch at 'https://2fa.directory/api/v3/totp.json' from origin 'https://my.doma.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."
In the Web Vault always "good news".
Deployment environment
- vaultwarden version: 1.27.0 [Latest]
-
Install method: Docker image (vaultwarden/server:latest)
-
Clients used: web wault (Chrome/Firefox/Opera browsers)
-
Reverse proxy and version: nginx/1.23.2
-
MySQL/MariaDB or PostgreSQL version: sqlite3
-
Other relevant details:
Steps to reproduce
Expected behaviour
Actual behaviour
Troubleshooting data
Looks like 2fa.directory made some changes, and this also breaks on Bitwarden Self-Hosted environments. That said, it's not something we can fix in this repo.
Exactly. Changed url from https://2fa.directory/api/v3/totp.json to https://api.2fa.directory/v3/totp.json Waiting for changes from Bitwarden.
I have created my first PR for Bitwarden:
- https://github.com/bitwarden/clients/pull/4345
- https://github.com/bitwarden/server/pull/2523
Lets wait and see :).
Ill leave it open for now until they have fixed it and we have updated the web-vault version to a fixed version. In theory we could fix this our self via patches, but i rather wait for Bitwarden to release a new vault version.