mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-18 01:49:32 -05:00
[GH-ISSUE #6856] Error enabling “Apply organization data ownership” policy — API 404 + JS TypeError #30045
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @allanfrizzo on GitHub (Feb 21, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/6856
Prerequisites
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config & Details (Generated via diagnostics page)
Show Config & Details
Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ORG_CREATION_USERS, INVITATIONS_ALLOWED, ADMIN_TOKEN, SSO_ENABLED, SSO_ONLY, SSO_SIGNUPS_MATCH_EMAIL, SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION, SSO_CLIENT_ID, SSO_CLIENT_SECRET, SSO_AUTHORITY, SSO_SCOPES, SSO_PKCE, SSO_DEBUG_TOKENS, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD
Config:
Vaultwarden Build Version
1.35.3
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
Caddy 2.1
Host/Server Operating System
Linux
Operating System Version
RockyLinux 9.7
Clients
Web Vault
Client Version
No response
Steps To Reproduce
Environment (Diagnostics)
• Vaultwarden version: v1.35.3
• Web-vault version: v2026.1.1
• OS/Arch: linux/x86_64
• Container: Yes (Debian base)
• Database: PostgreSQL 16.11
• Uses config.json: Yes
• Reverse proxy: Yes
• IP header check: Enabled (X-Real-IP)
• Internet access: Yes
• DNS check: OK
• Timezone: America/Sao_Paulo
• Browser/Server time sync: OK
• NTP sync: OK
• Domain config: OK
• HTTPS: OK
• Websocket: OK
• HTTP response checks: OK
⸻
Description
When attempting to enable the policy “Apply organization data ownership”, the operation fails and the policy is not saved. The UI reports an error and browser console logs show both an API failure and a frontend exception.
⸻
Steps to Reproduce
1. Log in as organization admin
2. Go to Organization → Policies
3. Enable Apply organization data ownership
4. Click Save
⸻
Expected Behavior
Policy should be saved successfully and applied.
⸻
Actual Behavior
Policy save fails and is not applied.
⸻
Console Errors
PUT /api/organizations/{orgId}/policies/5/vnext 404 (Not Found)
Async submit exception:
TypeError: Cannot read properties of undefined (reading 'split')
bootstrap-autofill-overlay.js:
Uncaught (in promise) Error: Extension context invalidated
⸻
Observations
• API returns 404 for endpoint /policies/5/vnext
• Frontend appears to expect a response body but receives undefined
• The error strongly suggests a frontend/server API version mismatch
• Extension overlay error may be unrelated but included for completeness
⸻
Suspected Cause
Web vault version (v2026.1.1) appears to call a newer API route not implemented in Vaultwarden v1.35.3.
⸻
Impact
Unable to enable organization data ownership policy, blocking enforcement of organization-level data ownership and governance controls.
⸻
Workarounds Attempted
• Different browsers
• Incognito mode
• Disabled extensions
• Same result
⸻
Additional Notes
I can provide API traces or server logs if needed for debugging.
Expected Result
.
Actual Result
.
Logs
Screenshots or Videos
No response
Additional Context
No response
@stepech commented on GitHub (Feb 22, 2026):
Can confirm, worked around this issue by opening developer tools and editing the request (Right clicking the 404 request and chooding "edit and resend") so that it went to address without
/vnextand modified request data to be only{"enabled":true,"data":null}.@gabrielmajosi commented on GitHub (Feb 22, 2026):
Confirmed this works as a band-aid fix, the frontend/backend is mismatched with the expected input/out likely
@allanfrizzo commented on GitHub (Feb 23, 2026):
How can I verify whether this policy has been applied?