Don’t know if this is a bug or a configuration issue, so starting here.
Using Vaultwarden Web, Version 2024.6.2
I have Vaultwarden container setup behind a Cloudflare Tunnel container.
- Accessing Vaultwarden via website of
https://vaultwarden.xxxx.com
works - Accessing Vaultwarden via Bitwarden desktop app configured for self-hosted site of same domain works
- Downloading attachments via Bitwarden desktop app works
- Downloading attachments via website does not work.
I get the following error in devtools when attempting to click on an attachment via the website.
attachments.component.ts:160
Refused to connect to 'http://vaultwarden.xxxx.com/attachments/yyyy/zzzz?token=<token>' because it violates the following Content Security Policy directive: "connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app.addy.io/api/ https://api.fastmail.com/ https://api.forwardemail.net".
attachments.component.ts:160
Refused to connect to 'http://vaultwarden.xxxx.com/attachments/yyyy/zzzz?token=<token>' because it violates the document's Content Security Policy.
console-log.service.ts:51
Unhandled error in angular Error: Uncaught (in promise): TypeError: Failed to fetch
TypeError: Failed to fetch