Error 400 during login - impossible to login new users #464

New Issue

MrUnknownDE · 2026-04-05T21:23:20+02:00

MrUnknownDE commented

2026-04-05 21:23:20 +02:00

Originally created by @kami-nx on 7/18/2025

Prerequisites

I have searched the existing issues and discussions
I have read the documentation

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.34.1
Web-vault version: v2025.5.0
OS/Arch: linux/x86_64
Running within a container: true (Base: Debian)
Database type: SQLite
Database version: 3.49.1
Uses config.json: true
Uses a reverse proxy: true
IP Header check: true (X-Forwarded-For)
Internet access: true
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Websocket Check: true
HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**********************",
  "domain_origin": "*****://**********************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": false,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 308,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 0,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "ORGANIZATION Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Forwarded-For",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/log/bitwarden.log",
  "log_level": "error",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "**********,**********,************",
  "signups_verify": false,
  "signups_verify_resend_limit": 5,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Plain",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "********************",
  "smtp_from_name": "Bitwarden Notifications",
  "smtp_host": "***************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 25,
  "smtp_username": "********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

1.34.1

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

official image caddy:2

Host/Server Operating System

Linux

Operating System Version

Ubuntu 24.04

Clients

Web Vault

Client Version

2025.5.0

Steps To Reproduce

Start Incognito browser
Try login

Expected Result

Login to vault

Actual Result

After provide password progress circle is turning forever

Logs

[2025-07-18 10:13:50.678][vaultwarden::api::admin][ERROR] Unable to parse latest_web_build: '-'                                                      
[2025-07-18 10:13:51.143][vaultwarden::api::admin][ERROR] Testing error 404 response                                                                 
[2025-07-18 10:13:51.163][vaultwarden::api::admin][ERROR] Testing error 400 response                                                                 
[2025-07-18 10:13:51.184][vaultwarden::api::admin][ERROR] Testing error 401 response                                                                 
[2025-07-18 10:13:51.205][vaultwarden::api::admin][ERROR] Testing error 403 response                                                                 
[2025-07-18 10:14:26.525][vaultwarden::api::admin][ERROR] Unable to parse latest_web_build: '-'                                                      
[2025-07-18 10:14:26.699][vaultwarden::api::admin][ERROR] Testing error 404 response                                                                 
[2025-07-18 10:14:26.702][vaultwarden::api::admin][ERROR] Testing error 400 response                                                                 
[2025-07-18 10:14:26.703][vaultwarden::api::admin][ERROR] Testing error 401 response                                                                 
[2025-07-18 10:14:26.705][vaultwarden::api::admin][ERROR] Testing error 403 response                                                                 
[2025-07-18 10:14:35.429][vaultwarden::api::admin][ERROR] Unable to parse latest_web_build: '-'                                                      
[2025-07-18 10:14:35.647][vaultwarden::api::admin][ERROR] Testing error 404 response                                                                 
[2025-07-18 10:14:35.649][vaultwarden::api::admin][ERROR] Testing error 400 response                                                                 
[2025-07-18 10:14:35.650][vaultwarden::api::admin][ERROR] Testing error 401 response                                                                 
[2025-07-18 10:14:35.651][vaultwarden::api::admin][ERROR] Testing error 403 response

Screenshots or Videos

Additional Context

This instance of vault warden is working version, with updates. It's not new installed version. It was installed back in 2020 for the first time and is kept updated as soon as new version is available.
Somewhere after 1.31 version, we having many problem with logins.
This instance had reverse proxy at the beginning provided with apache, however after first problems, I was trying to switch to nginx but errors during login still appear (and pattern is weird, explained below).
Meanwhile I've switched to caddy, to have the same configuration as in simplest install instruction.

So pattern is this:

everyone who has some browser opened for very long time with web vault, can login and work mostly fine
but new users, or new browsers, or incognito window - can't login at all (no matter if 2FA is on/off)

There is no connection with firewalls/antivirus software/internet providers.

On the server side, there is some firewall, however even if there is all traffic allowed from provided IP (like from our office), the problem with error 400 still exists.

Here is caddy config:

<server-redacted> {                                                                                                                             
  log {                                                                                                                                              
    level DEBUG
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode zstd gzip

  # Proxy everything Rocket
  reverse_proxy vaultwarden:80 {
       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
}

Here is docker compose file:

services:
  vaultwarden:
    image: "vaultwarden/server:latest"
    container_name: vaultwarden
    restart: always
    volumes:
      - ./bw-data:/data
    environment:
      DOMAIN: "https://<redacted-but-public-FQDN>"
      ADMIN_TOKEN: $$argon2<redacted>
      SIGNUPS_ALLOWED: "false"
      ROCKET_WORKERS: 3
      LOG_FILE: "/data/log/bitwarden.log"
      LOG_LEVEL: "debug"
      EXTENDED_LOGGING: "true"

  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      EMAIL: "<redacted>"
      LOG_FILE: "/data/access.log"

Here is caddy access.log:

{
	"level":"info",
	"ts":1752835556.0294871,
	"logger":"http.log.access.log0",
	"msg":"handled request",
	"request":{
		"remote_ip":"<redacted>",
		"remote_port":"64370",
		"client_ip":"<redacted>",
		"proto":"HTTP/3.0",
		"method":"GET",
		"host":"<redacted-but-public-FQDN>",
		"uri":"/images/favicon-32x32.png",
		"headers":{
			"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0"],
			"Sec-Fetch-Mode":["no-cors"],
			"Cache-Control":["no-cache"],
			"Sec-Ch-Ua-Mobile":["?0"],
			"Referer":["https://<redacted-but-public-FQDN>/"],
			"Sec-Fetch-Dest":["image"],
			"Priority":["u=1, i"],
			"Dnt":["1"],
			"Sec-Fetch-Site":["same-origin"],
			"Sec-Ch-Ua-Platform":["\"Windows\""],
			"Sec-Ch-Ua":["\"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"138\", \"Microsoft Edge\";v=\"138\""],
			"Accept-Language":["en"],
			"Pragma":["no-cache"],
			"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],
			"Accept-Encoding":["gzip, deflate, br, zstd"]
		},
		"tls":{
			"resumed":true,
			"version":772,
			"cipher_suite":4865,
			"proto":"h3",
			"server_name":"<redacted-but-public-FQDN>"}
	},
	"bytes_read":0,
	"user_id":"",
	"duration":0.001837995,
	"size":886,
	"status":200,
	"resp_headers":{
		"Expires":["Fri, 25 Jul 2025 10:45:56 GMT"],
		"Server":["Rocket"],
		"Permissions-Policy":["accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()"],
		"X-Xss-Protection":["0"],
		"Referrer-Policy":["same-origin"],
		"X-Robots-Tag":["noindex, nofollow"],
		"X-Frame-Options":["SAMEORIGIN"],
		"X-Content-Type-Options":["nosniff"],
		"Content-Security-Policy":["default-src 'none'; font-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;"],
		"Content-Length":["886"],
		"Via":["1.1 Caddy"],
		"Date":["Fri, 18 Jul 2025 10:45:55 GMT"],
		"Content-Type":["image/png"],
		"Cache-Control":["public, immutable, max-age=604800"]
	}
}

*Originally created by @kami-nx on 7/18/2025* ### Prerequisites - [x] I have searched the existing issues and discussions - [x] I have read the documentation ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.1 * Web-vault version: v2025.5.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.49.1 * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**********************", "domain_origin": "*****://**********************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": false, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 308, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 0, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "ORGANIZATION Vaultwarden", "invitations_allowed": true, "ip_header": "X-Forwarded-For", "job_poll_interval_ms": 30000, "log_file": "/data/log/bitwarden.log", "log_level": "error", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "**********,**********,************", "signups_verify": false, "signups_verify_resend_limit": 5, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "Plain", "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "********************", "smtp_from_name": "Bitwarden Notifications", "smtp_host": "***************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 25, "smtp_username": "********************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version 1.34.1 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy official image caddy:2 ### Host/Server Operating System Linux ### Operating System Version Ubuntu 24.04 ### Clients Web Vault ### Client Version 2025.5.0 ### Steps To Reproduce 1. Start Incognito browser 2. Try login ### Expected Result Login to vault ### Actual Result After provide password progress circle is turning forever ### Logs ```text [2025-07-18 10:13:50.678][vaultwarden::api::admin][ERROR] Unable to parse latest_web_build: '-' [2025-07-18 10:13:51.143][vaultwarden::api::admin][ERROR] Testing error 404 response [2025-07-18 10:13:51.163][vaultwarden::api::admin][ERROR] Testing error 400 response [2025-07-18 10:13:51.184][vaultwarden::api::admin][ERROR] Testing error 401 response [2025-07-18 10:13:51.205][vaultwarden::api::admin][ERROR] Testing error 403 response [2025-07-18 10:14:26.525][vaultwarden::api::admin][ERROR] Unable to parse latest_web_build: '-' [2025-07-18 10:14:26.699][vaultwarden::api::admin][ERROR] Testing error 404 response [2025-07-18 10:14:26.702][vaultwarden::api::admin][ERROR] Testing error 400 response [2025-07-18 10:14:26.703][vaultwarden::api::admin][ERROR] Testing error 401 response [2025-07-18 10:14:26.705][vaultwarden::api::admin][ERROR] Testing error 403 response [2025-07-18 10:14:35.429][vaultwarden::api::admin][ERROR] Unable to parse latest_web_build: '-' [2025-07-18 10:14:35.647][vaultwarden::api::admin][ERROR] Testing error 404 response [2025-07-18 10:14:35.649][vaultwarden::api::admin][ERROR] Testing error 400 response [2025-07-18 10:14:35.650][vaultwarden::api::admin][ERROR] Testing error 401 response [2025-07-18 10:14:35.651][vaultwarden::api::admin][ERROR] Testing error 403 response ``` ### Screenshots or Videos <img width="1060" height="1281" alt="Image" src="https://github.com/user-attachments/assets/ab76e45a-126f-4691-9521-fb6819111fcb" /> ### Additional Context This instance of vault warden is working version, with updates. It's not new installed version. It was installed back in 2020 for the first time and is kept updated as soon as new version is available. Somewhere after 1.31 version, we having many problem with logins. This instance had reverse proxy at the beginning provided with apache, however after first problems, I was trying to switch to nginx but errors during login still appear (and pattern is weird, explained below). Meanwhile I've switched to caddy, to have the same configuration as in simplest install instruction. So pattern is this: - everyone who has some browser opened for very long time with web vault, can login and work mostly fine - but new users, or new browsers, or incognito window - can't login at all (no matter if 2FA is on/off) There is no connection with firewalls/antivirus software/internet providers. On the server side, there is some firewall, however even if there is all traffic allowed from provided IP (like from our office), the problem with error 400 still exists. Here is caddy config: ``` <server-redacted> { log { level DEBUG output file {$LOG_FILE} { roll_size 10MB roll_keep 10 } } # Use the ACME HTTP-01 challenge to get a cert for the configured domain. tls {$EMAIL} # This setting may have compatibility issues with some browsers # (e.g., attachment downloading on Firefox). Try disabling this # if you encounter issues. encode zstd gzip # Proxy everything Rocket reverse_proxy vaultwarden:80 { # Send the true remote IP to Rocket, so that vaultwarden can put this in the # log, so that fail2ban can ban the correct IP. header_up X-Real-IP {remote_host} } } ``` Here is docker compose file: ```yaml services: vaultwarden: image: "vaultwarden/server:latest" container_name: vaultwarden restart: always volumes: - ./bw-data:/data environment: DOMAIN: "https://<redacted-but-public-FQDN>" ADMIN_TOKEN: $$argon2<redacted> SIGNUPS_ALLOWED: "false" ROCKET_WORKERS: 3 LOG_FILE: "/data/log/bitwarden.log" LOG_LEVEL: "debug" EXTENDED_LOGGING: "true" caddy: image: caddy:2 container_name: caddy restart: always ports: - 80:80 - 443:443 - 443:443/udp volumes: - ./Caddyfile:/etc/caddy/Caddyfile:ro - ./caddy-config:/config - ./caddy-data:/data environment: EMAIL: "<redacted>" LOG_FILE: "/data/access.log" ``` Here is caddy access.log: ```json { "level":"info", "ts":1752835556.0294871, "logger":"http.log.access.log0", "msg":"handled request", "request":{ "remote_ip":"<redacted>", "remote_port":"64370", "client_ip":"<redacted>", "proto":"HTTP/3.0", "method":"GET", "host":"<redacted-but-public-FQDN>", "uri":"/images/favicon-32x32.png", "headers":{ "User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0"], "Sec-Fetch-Mode":["no-cors"], "Cache-Control":["no-cache"], "Sec-Ch-Ua-Mobile":["?0"], "Referer":["https://<redacted-but-public-FQDN>/"], "Sec-Fetch-Dest":["image"], "Priority":["u=1, i"], "Dnt":["1"], "Sec-Fetch-Site":["same-origin"], "Sec-Ch-Ua-Platform":["\"Windows\""], "Sec-Ch-Ua":["\"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"138\", \"Microsoft Edge\";v=\"138\""], "Accept-Language":["en"], "Pragma":["no-cache"], "Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"], "Accept-Encoding":["gzip, deflate, br, zstd"] }, "tls":{ "resumed":true, "version":772, "cipher_suite":4865, "proto":"h3", "server_name":"<redacted-but-public-FQDN>"} }, "bytes_read":0, "user_id":"", "duration":0.001837995, "size":886, "status":200, "resp_headers":{ "Expires":["Fri, 25 Jul 2025 10:45:56 GMT"], "Server":["Rocket"], "Permissions-Policy":["accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()"], "X-Xss-Protection":["0"], "Referrer-Policy":["same-origin"], "X-Robots-Tag":["noindex, nofollow"], "X-Frame-Options":["SAMEORIGIN"], "X-Content-Type-Options":["nosniff"], "Content-Security-Policy":["default-src 'none'; font-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net ;"], "Content-Length":["886"], "Via":["1.1 Caddy"], "Date":["Fri, 18 Jul 2025 10:45:55 GMT"], "Content-Type":["image/png"], "Cache-Control":["public, immutable, max-age=604800"] } } ```

MrUnknownDE closed this issue

2026-04-05 21:23:20 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#464