Bitwarden Browser Extension Failing to Login via Nginx + Cloudflare Tunnel – CORS Error

Ask the Community Password Manager
, ,
1

Hi all,

I’m running a self-hosted Bitwarden instance using the official bitwarden.sh installation. The setup includes an Nginx proxy in front of Bitwarden, and I access it through a Cloudflare Zero Trust tunnel.

Recently, I enabled 2FA for my account, and logging in via the browser works fine. However, the Brave (Chrome-based) extension fails to log in.

Nginx logs:

192.168.50.110 - - [24/Aug/2025:21:14:27 +0000] "POST /identity/connect/token HTTP/1.1" 400 85 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"

bitwarden-identity container logs:

warn: Duende.IdentityServer.Hosting.CorsPolicyProvider[0]
=> SpanId:dad64d05d75a2e11, TraceId:83631ee2c023ec1ebc07aa955e9d8ca2, ParentId:0000000000000000 => ConnectionId:0HNF39T05AHU1 => RequestPath:/identity/connect/token RequestId:0HNF39T05AHU1:00000001 => IpAddress:192.168.50.100 UserAgent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 DeviceType:2 Origin:2 ClientVersion:2025.8.1
CorsPolicyService did not allow origin: chrome-extension://nngceckbapebfimnlniiiahkandclblb

I initially suspected the issue was related to 2FA, but disabling it did not resolve the problem. I noticed the Brave/Chrome extension updated on 2025-08-23 (yesterday) > could this update have introduced a change causing the CORS failure?

Has anyone else seen the browser extension failing with a CorsPolicyService did not allow origin error in a self-hosted Bitwarden setup behind Nginx and Cloudflare? Any suggestions on how to fix this?

Platform: Win
Browser: Brave
Current server versions:

ghcr.io/bitwarden/api                 2025.5.1   ef7388fae282   3 months ago   348MB
ghcr.io/bitwarden/nginx               2025.5.1   de03e17892a4   3 months ago   195MB
ghcr.io/bitwarden/mssql               2025.5.1   c43384ee8b6b   3 months ago   1.6GB
ghcr.io/bitwarden/icons               2025.5.1   f0ffea6ebc7c   3 months ago   343MB
ghcr.io/bitwarden/notifications       2025.5.1   c030924790f8   3 months ago   342MB
ghcr.io/bitwarden/sso                 2025.5.1   dae646b5f7f2   3 months ago   346MB
ghcr.io/bitwarden/admin               2025.5.1   f5a8ba4f12a9   3 months ago   359MB
ghcr.io/bitwarden/events              2025.5.1   9e7dc6e48666   3 months ago   342MB
ghcr.io/bitwarden/setup               2025.5.1   95e414a971da   3 months ago   303MB
ghcr.io/bitwarden/identity            2025.5.1   324679101586   3 months ago   342MB
ghcr.io/bitwarden/attachments         2025.5.1   3e64f866fed5   3 months ago   225MB
ghcr.io/bitwarden/web                 2025.5.0   d52e970fb760   3 months ago   303MB
ghcr.io/bitwarden/setup               2025.4.3   e54b0310d255   3 months ago   296MB
2

Hey there, let us know if what you are experiencing is similiar to this: Problem after updating from 2025.5.1 to 2025.8 - #5 by Garry_Glendown

The team is currently investigating, thanks for your patience!