Vaultwarden error message NGINX: Header 'cross-origin-resource-policy' missing!

[MichaDebuss]

Hello everyone,

I have a self-hosted Vaultwarden instance. After an update, its diagnostics display the following error message:

HTTP Response validation Error
2FA Connector calls:
Header: 'cross-origin-resource-policy' is missing!

On my OPNsense (25.1) system, I'm running the NGINX Plugin (version 1.34_6) as a reverse proxy.
What do I need to configure to eliminate this error message?

I appreciate any suggestions or help.

Best regards,
Michael

[RamSense]

Hi Michael,

Running Vaultwarden local here also. Although I have (other) problems with Nginx since Opnsense 25.1 (see https://forum.opnsense.org/index.php?topic=45602.0)
Vaultwarden runs as it should. HTTP Response validation OK

Do you have the domain set in vaultwarden: general settings - Domain URL ?

or at opnsense - nginx - http server - Security Header -> do you have a security header set?
Remove this and see if it works, if yes, you have to change your security headers.

[MichaDebuss]

Hi RamSense,

thank you for your reply.

The domain URL is set in the Vaultwarden general settings and there is no security headers in nginx http server set.





Any further ideas?

Best regards,

Micha

[RamSense]

I have HTTP Server - HTTP Listen Address empty (removed 80, [::]:80)

And I see you have : Advanced ACL Authentication Backend
you could remove that to test if that is blocking (you)

[MichaDebuss]

Yes!

Thank you so much RamSense. It's working now.

Best regards,

Micha

[RamSense]

Good to hear!