When trying to configure the auto-generation of usernames in the web GUI, I keep getting “An error has occurred: Failed to fetch”.
I have generated a SimpleLogin API key and entered it. See screenshot.
I have looked at options within SimpleLogin but no dice. I have a paid-for sub, and the Chrome SimpleLogin extension works without issue.
grb
February 20, 2023, 2:10pm
2
I’m not an expert on these types of issues, but to get the ball rolling, could you please check what version of the Bitwarden Server software you are running?
2023.2.0
It was also included in the screenshot.
grb
February 20, 2023, 3:26pm
4
The screenshot shows the version of the Web Vault client app, not the version of your self-hosted server.
Gotcha - fortunately running the latest web and self-hosted server version.
That aside - do you have any idea why this error is happening?
grb
February 20, 2023, 4:37pm
6
The reason I asked is because this type of error has been known to occur for self-hosted users who are running Vaultwarden.
Hi @phillipmcmahon , are you still experiencing this issue? I saw a hiccup myself once yesterday, but a refresh of my browser (full close and re-launch) seemed to resolve it.
If you’re still having the problem, please open a support ticket , so we can help you troubleshoot this further.
Yep - still the same. I’ve refreshed the browser etc and still the same error.
I will raise a support ticket. Thanks.
Support ticket raised.
I just tried my API key on the bitwarden hosted instance and it works…
Something somewhere needs tweaked with my hosted version. Everything else looks to be operating as expected.
Any ideas where to start looking?
The web browser plugin and android application work, that’s great and serves my needs to be honest.
Just not via the web-ui hosted on my local docker instance. I checked my pihole logs, and the calls to simplelogin are not being blocked, which is a good start. But beyond that, I’ve no idea where else to look.
Hi @phillipmcmahon , I’m glad to hear you’ve opened a help ticket! Our support team will be the best experts to get to the bottom of this.
I think the issue is within the nginx default.conf file supplied for the self-hosted version
It’s missing https://app.simplelogin.io/api/alias/random/new as a connect-src in the Content-Security-Policy directive. Once added and restarted, the simplelogin setup works as expected. Otherwise a CSP policy violation is triggered, causing the fail to fetch error.
Seems I happened upon an already known bug, reported back in December.
opened 07:44PM - 03 Dec 22 UTC
bug
web
### Steps To Reproduce
1. Log in to Bitwarden self hosted web vault using web… browser (tested in both Chromium and Firefox).
2. Generate API key from SimpleLogin dashboard.
3. Go to "Tools -> Generator" in Bitwarden web vault and attempt to generate a 'Forwarded Email Alias' username using SimpleLogin as the service and the API key generated in step 2.
### Expected Result
The username is generated successfully and shows up in the SimpleLogin dashboard.
### Actual Result
The page immediately errors with the following text in the upper right (red box) "NetworkError when attempting to fetch resource" and the following details in the browser console.
Firefox:
Content Security Policy: The page’s settings blocked the loading of a resource at https://app.simplelogin.io/api/alias/random/new (“connect-src”).
Chromium:
Refused to connect to 'https://app.simplelogin.io/api/alias/random/new' because it violates the following Content Security Policy directive: "connect-src 'self' wss://*************** https://api.pwnedpasswords.com https://twofactorauth.org".
Refused to connect to 'https://app.simplelogin.io/api/alias/random/new' because it violates the document's Content Security Policy.
### Screenshots or Videos
_No response_
### Additional Context
This only occurs in the web browser it does not occur in the Firefox browser add-on I am able to successfully create usernames using the same procedure in the browser add-on. I also tried searching the Github issues and couldn't find another issue that describes what I am seeing however I did find a Bitwarden community forum post with the exact same problem from back in June. Unfortunately there is no resolution or information confirming the bug/issue so I figured I should open a Github issue https://community.bitwarden.com/t/email-alias-generator/41785/12.
I believe the SimpleLogin URL (https://app.simplelogin.io/api/alias/random/new) needs added to the "nginx_header_content_security_policy" parameter as I see there's an entry for haveibeenpwned which is another API the web vault uses to check if your email was included in a hacked credential dump.
bitwarden@bitwarden:/opt/bitwarden/bwdata$ grep nginx_header_content_security_policy config.yml
nginx_header_content_security_policy: "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' wss://{0} https://api.pwnedpasswords.com https://twofactorauth.org; object-src 'self' blob:;"
bitwarden@bitwarden:/opt/bitwarden/bwdata$
### Operating System
Linux
### Operating System Version
Ubuntu 19.04
### Web Browser
Chrome, Firefox
### Browser Version
Firefox 109.0a1, Chromium 110.0.5427.0
### Build Version
Version 2022.10.0 (self hosted up-to-date)
### Issue Tracking Info
- [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
