Cannot login using the web extension on Brave

Hi,
Vaultwarden is a really nice tool and I’ve been using it for the past 3 months without any issues.
However, last week, I had to change my domain name and SSL cert to move from a self-signed local solution to one that uses certificates signed by LetsEncrypt and a domain that I own. The reason for this is that the iOS client was more picky than others on the certificate requirements.

Since then, everything worked fine on all clients (firefox, android, iOS, and Brave). But, for a few days, I cannot login to my account using the Brave client anymore. I get an error message: “An error has occurred: Failed to fetch” in the browser and the logs look like this:

bitwarden    | [2022-09-10 09:13:27.218][_][ERROR] No matching routes for OPTIONS /api/accounts/prelogin.
bitwarden    | [2022-09-10 09:13:27.218][_][WARN] No 404 catcher registered. Using Rocket default.

Any idea what could be the problem? I’ve been scratching my head for two days and I cannot find the reason for this issue. Maybe the OPTIONS is not properly handled by vaultwarden?
Any pointers would be really helpful.

Here are some configuration details:

Brave browser client version: 2022.8.0
Valutwarden server version: 1.25.2
Traefik version: 2.3
docker-compose source:

version: "3.3"

services:
  bitwarden:
    image: vaultwarden/server:latest
    restart: unless-stopped
    container_name: bitwarden
    volumes:
      - ./bw-data:/data
    environment:
      WEBSOCKET_ENABLED: 'true' # Required to use websockets
      SIGNUPS_ALLOWED: 'true' # set to false to disable signups
      DOMAIN: 'https://<my_domain>'
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.middlewares.redirect-https.redirectScheme.scheme=https"
      - "traefik.http.middlewares.redirect-https.redirectScheme.permanent=true"
      - "traefik.http.routers.bitwarden-ui-https.rule=Host(`<my_domain>`)"
      - "traefik.http.routers.bitwarden-ui-https.entrypoints=websecure"
      - "traefik.http.routers.bitwarden-ui-https.tls=true"
      - "traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui"
      - "traefik.http.routers.bitwarden-ui-http.rule=Host(`<my_domain>`)"
      - "traefik.http.routers.bitwarden-ui-http.entrypoints=web"
      - "traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https"
      - "traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui"
      - "traefik.http.services.bitwarden-ui.loadbalancer.server.port=80"
      - "traefik.http.routers.bitwarden-websocket-https.rule=Host(`<my_domain>`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure"
      - "traefik.http.routers.bitwarden-websocket-https.tls=true"
      - "traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket"
      - "traefik.http.routers.bitwarden-websocket-http.rule=Host(`<my_domain>`) && Path(`/notifications/hub`)"
      - "traefik.http.routers.bitwarden-websocket-http.entrypoints=web"
      - "traefik.http.routers.bitwarden-websocket-http.middlewares=redirect-https"
      - "traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket"
      - "traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012"
    networks:
      - proxy

networks:
  proxy:
    external: true

Thanks!

Not sure, but there should not be an OPTION call at all that i know of.
I just installed the latest Brave browser and the latest Bitwarden Extension and they work just fine. I also tested Chromium and Firefox, they all work as they should.

Please double check the versions you have installed for both Brave and the Bitwarden Extension.

Weird, I have all latest versions of web clients (2022.8.0) and of Vaultwarden (1.25.2).
I just tried with the testing tag of the docker image as well and get the same error…
I previously tried to reinstall the brave client and I had the exact same error again.

Thanks for looking into it anyway, I’ll continue investigating.

Ah interesting, I think I found the issue!
I had configured the web extension to be active only “on click” and not “on all site” (as it is by default). If I put it back in the brave settings to its default value, I can login without any problem.

But I have no idea why this is the case, this is still pretty strange to me.

Edit: I tried it again and I can confirm that the setting “on click” is what is triggering the login error on vaultwarden. Should I create an issue on github?

Indeed, that does seem to send an OPTION instead of a normal POST.
This also breaks on vault.bitwarden.com so either this is an issue on the Extension using that option, or something else is wrong.

It looks like there was already an issue reported about this, and it seems to be solved by adding some allowed sites. Checkout the issue reported here: Changing Chrome extension "This Can Read and Change Site Data"-permission breaks the extension · Issue #1612 · bitwarden/clients · GitHub

Ah nice, I wasn’t aware of this issue on github. Thank you!

So in summary, for anyone reading this and having the same issue, here’s how to fix it:

In the settings of the web extension, choose either “on all sites” and continue using the extension as usual or choose “On specific sites” and type in the list of allowed URLs: “https://<your_domain>” (the same URL you have used as vault address in the configuration of the web client).
Then, the extension will behave in the same way as with the option “on click” and you will be able to log in seamlessly to your vault.