Unable to download attachments

bkraul · November 21, 2019, 8:38pm

We have a self-hosted, docker-based install of Bitwarden with an active premium account. We keep our installation up to date.

We are having issues where we are unable to download attachments. When clicking on the file to download, the progress spinner just goes on and on (for very small files). Has anything like this been reported already?

attachments

This is what gets logged in the developer console (some info taken out for privacy):

XHR
GEThttp://bitwarden.domain.com/attachments/6f6df1cd-7dbf-4f12-baee-ab0c0139eb8a/waogzqra3xcozjbcom3dw9wzyid0b2g2
ERROR Error: "Uncaught (in promise): TypeError: NetworkError when attempting to fetch resource.
t.fetch/</d<@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:16:703
c</t.prototype.scheduleTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:7431
onScheduleTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:4600
c</t.prototype.scheduleTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:7330
a</e.prototype.scheduleTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:3439
a</e.prototype.scheduleMacroTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:3792
t.fetch/<@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:16:628
t@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:13933
t.fetch@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:16:586
o</n.prototype.download/</<@https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1:1153773
i/</<@https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1:1150835
i/<@https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1:1150940
t</<@https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1:1149853
t@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:13933
t<@https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1:1149630
o</n.prototype.download@https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1:1153601
w/<@https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1:1999988
handleEvent@https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:799:1489
handleEvent@https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:806:1021
lg@https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:726:1018
qg/<@https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:734:2779
H/<@https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:1453:235
c</t.prototype.invokeTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:7690
onInvokeTask@https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:624:999
c</t.prototype.invokeTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:7611
a</e.prototype.runTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:2868
s</e.invokeTask@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8:8797
b@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:39:632
m@https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:39:875
"
    j https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    T https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    i https://bitwarden.domain.com/app/main.e7dfe733886d05f0edd0.js:1
    invoke https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    onInvoke https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:624
    invoke https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    run https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    F https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    invokeTask https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    onInvokeTask https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:624
    invokeTask https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    runTask https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    y https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    o https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:1590
    D https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:1590
    c https://bitwarden.domain.com/app/vendor.e7dfe733886d05f0edd0.js:1544
    invoke https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    runGuarded https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
    wrap https://bitwarden.domain.com/app/polyfills.e7dfe733886d05f0edd0.js:8
vendor.e7dfe733886d05f0edd0.js:566:920
Content Security Policy: The page’s settings blocked the loading of a resource at http://bitwarden.domain.com/attachments/6f6df1cd-7dbf-4f12-baee-ab0c0139eb8a/waogzqra3xcozjbcom3dw9wzyid0b2g2 (“connect-src”).

marczu · July 2, 2020, 9:15am

HI, any news about that?
self-hosted on synology sam problem with csp,

bkraul · July 2, 2020, 11:41am

I was given this by their support. It worked. But I have a docker setup (not sure if that is the case for you on Synology).

You will need to edit the file ./bwdata/nginx/default.conf and look for add_header Content-Security-Policy. Please add https://*.yourdomain.com as a self connect-src inside the Content-Security-Policy. You will now need to restart the Bitwarden Server and give it a test.

So for my case, my change was as follows:

...
  location / {
    proxy_pass http://web:5000/;
    include /etc/nginx/security-headers.conf;
    add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; connect-src 'self' wss://bitwarden.mydomain.com https://api.pwnedpasswords.com https://twofactorauth.org; object-src 'self' blob:;";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Robots-Tag "noindex, nofollow";
  }
...

(Notice the wss://bitwarden.mydomain.com). Hope this helps.

waehli · October 11, 2020, 8:29pm

can you tell me what exactly you changed? I have the same problem, but in my installation on synology docker the wss://sub.mydomain.com entry is already there. do i have to add another *. entry?
Thx you for your reply.

bkraul · October 12, 2020, 1:01pm

@waehli have it pretty much like I pasted it on the location block. You may have to check the browser’s developer console to see what domain or address it is giving CSP errors for and then add to the appropriate section.