Blank screen in developer mode

Although have played just a few days with HashiCorp vault, I quiet new to it.
Everything is working fine in our enterprise environment. But as the enterprise environment is quiet closed, I decided to install vault on my local PC to further develop some REST PowerShell scripts.
The problem is that after some REST calls, I somehow managed to break the UI part (even if I completely restart my PC and start over).


if I open the UI (, all I get is a blank screen.

In the developer console, I get the following errors: Refused to load the font 'data:font/truetype;charset=utf-8;base64, d09GRgABAAAAALM7AA8AAAABq0AAAAAAAACyRAAAAPcAAAHiAAAAAAAAAABHUE9TAACIDAAAIgQAAH82Ol56cUdTVUIAAKoQAAAIMwAAFD6gNKPBT1MvMgAAAdAAAABVAAAAYGbqc4pjbWFwAAAGbAAAA3wAAAU4Vch3gWN2dCAAAAwYAAAAQAAAAEAQPwNiZnBnbQAACegAAAEDAAABcwZZnDdnbHlmAAAQvAAAbJ4AAOZUwSn/MmhlYWQAAAFYAAAANgAAADYGApswaGhlYQAAAZAAAAAgAAAAJAdbBRtobXR4AAACKAAABEIAAAjwrN1ggGxvY2EAAAxYAAAEYgAABHqHyk9obWF4cAAAAbAAAAAgAAAAIARWA2ZuYW1lAAB9XAAAAoEAAAZuOd88j3Bvc3QAAH/gAAAIKgAAEi5ynk2NcHJlcAAACuwAAAEqAAACpAoaNTMAAQAAAAEAAA...STdLpgIn7fZCqSu5rDezyzyKpZz7vqhExLsEP0L+KQltJygoVYTqVM+PxDJaFaVekJvaE39RY7sTO7sCu7sbtQL3VQf92n+/WAHtRDehiopT2d6UU/BrAAS7EsK7Em67IBO/KnjVXM1dKhE3yixfOtb3pmZY70/HBUmjxmflv/BTgtM3AAeAGFUUV3wzAM/it6vowXOA1cj5nxrueojZPWynPUDv58uWO4iT+Q7pBghoLQo1A79g2VrMbK6B75jAN47FBDPU56EMfDZhxDGsfrCrqh3VC5SLURRZY7HQrWYVteKlodpgoio9vOkq8JXPbzETifDPx3LGpP54wWehazx17QCjjf5O3v49DkAG/Yfph1UIbYOhpv69k5oy1XL8G1cpkent9bGPPae7sJ96Ojb5sfFwJm1MFQTnePAla5K8HVgPDWBG5+vRbd2fwJg7xahhNv34+/Lb05R9MPTH3KQBiu2ZYkY43dmoA9tEiqcfHN+Gj2VzMA6Y+oeQ==' because it violates the following Content Security Policy directive: "font-src 'self'". Refused to load the font 'data:font/truetype;charset=utf-8;base64, d09GRgABAAAAAMjjABIAAAAB2mAAAAAAAADH7AAAAPcAAAHiAAAAAAAAAABHUE9TAACdfAAAIjcAAH80VqR1REdTVUIAAL+0AAAINwAAFD6g7KTPTFRTSAAABwQAAABHAAACQYV/Ri1PUy8yAAACDAAAAFQAAABgZ050kmNtYXAAAB1cAAAChQAAA/wdE0d/Y3Z0IAAAIdQAAAA0AAAANAq+BC1mcGdtAAAf5AAAAQUAAAFzBpmcN2dhc3AAAJ1wAAAADAAAAAwABwAHZ2x5ZgAAJnAAAGxKAADg/GpVnLBoZG14AAAHTAAAFhAAADPIAPyiAmhlYWQAAAGUAAAANQAAADYF/aZQaGhlYQAAAcwAAAAgAAAAJAdxBTBobXR4AAACYAAABKIAAAj0wQRTzWxvY2EAACIIAAAEZwAABHxHMIAQbWF4cAAAAewAAAAgAAAAIARXAs1uYW1lAACSvA...2hawUjGKWSTHlyN3B4j2cWs3I2964qIdNK7Bn7l3NIq2gNwdKsrkImONznSahSZTpEh+owvcW+7Mf+HMCBHCTUSS3UXS/oRb2kl/WKXkVU0IxWdKQr3VmSlVmNtdmIzdiSffjdhinO1apRR/hEi8+3rumZFRzp+eEo1XnM/Kz/ABXXNDcAeAGFUUV3wzAM/it6vowXOA1cj5nxrueojZPWynPUDv58uWO4iT+Q7pBghoLQo1A79g2VrMbK6B75jAN47FBDPU56EMfDZhxDGsfrCrqh3VC5SLURRZY7HQrWYVteKlodpgoio9vOkq8JXPbzETifDPx3LGpP54wWehazx17QCjjf5O3v49DkAG/Yfph1UIbYOhpv69k5oy1XL8G1cpkent9bGPPae7sJ96Ojb5sfFwJm1MFQTnePAla5K8HVgPDWBG5+vRbd2fwJg7xahhNv34+/Lb05R9MPTH3KQBiu2ZYkY43dmoA9tEiqcfHN+Gj2VzMA6Y+oeQ==' because it violates the following Content Security Policy directive: "font-src 'self'". Refused to execute script from '' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled. Refused to execute script from '' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled. Refused to execute script from '' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

The interesting part is that the same thing happens on my private PC where the only common thing I can see is my google account…

  • But the issue is not browser depended (as it happens in Chrome, Edge, IE and FireFox)
  • The two PCs differ a lot (for one I am using a local account, for the other, I have a Windows account)
  • One is Windows 10, the other Windows 11
  • One runs McAfee, the other Windows Defender

Using an complete different (Google) account on another 3rd PC doesn’t show the issue though.

Vault Status

Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.9.0
Storage Type    inmem
Cluster Name    vault-cluster-e0908e84
Cluster ID      43c5fd57-cb4f-0a4b-4941-81302d7f386e
HA Enabled      false

Any clues of what might be wrong here?

Sounds like a plugin or setting in your browser. Probably a security https ONLY setting (maybe a required TLS setting).


Thanks for the reply and sorry for my late response but I spend a lot of time troubleshooting this and needed to check the security implications of the loosely-typed mime types.

The issue is not related to the browser (it happens on all the browsers I tested, in privacy mode, without extensions, etc.), as a matter of fact I found out the common thing about the two PCs I am using and confirmed it on the third PC to be the cause:

  1. The issue appears after installing Visual Studio 2022 ➔ Community ➔ .Net developing (default selection)
  2. Then just start vault in developer mode: vault server -dev
  3. And open the UI:

(I would be happy if somebody could confirm the issue scenario.)

And I think the appropriate solution is to have explicit mime types defined in the Vault UI scripts, fonts and whatever comes next and therefore I have opened a formal bug report: #13357 Blank UI screen.
But if anybody has another solution or workaround to run Vault on a system where Visual Studio 2022 is installed, I am happy to hear.

As I was afraid of: removing Visual Studio 2022 apparently leaves the “concerned setting” and therefore doesn’t fix the issue.
I have no clue what the “concerned setting” (policy?, registry?) actually is and how it can be reset. All I see (from stackoverflow “Refused to execute script…” responses) is how this should be fixed from within the application (aka Vault).
Any suggestions how to workaround or fix this without completely reinstalling my PC?

tested issue happened on win10 without visualstudion 2022. It’s a web security setting issue which you can update your registry as following mentioned as a workround.