mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-26 01:35:54 +03:00
[GH-ISSUE #481] Regex Blacklist Icon Cache Improvement #298
Originally created by @jonathanmmm on GitHub (May 15, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/481
Hi,
I would suggest improving the default icon blacklist regex (if there is a default).
Version 1:
Disable icons for all private IP addresses (either IPv4 and maybe IPv6?!), not just 192.168.1.x but also 192.168.x.x, 10.x.x.x and 172.x.x.x (or whatever the third was for IPv4), and also 127.x.x.x.
Version 2:
Try to fetch the icon as the server directly from the IPs. Problem: the server may be in a different environment than the local IPs, or if the client asks for them, he would potentially ask private IP addresses for icons in all networks he is connected to.
@dani-garcia commented on GitHub (May 16, 2019):
At the moment the blacklist is disabled by default, and I'm not sure providing a default is necessarily a good idea; we should probably have a Wiki entry with some examples and explanations, though.
In any case, if someone is paranoid enough that revealing the presence of a server in the internal network is a real issue, I would recommend them to isolate or firewall the bitwarden_rs server in the first place.
@jonathanmmm commented on GitHub (May 25, 2019):
@dani-garcia
Ok, I understand.
Would it be possible, if the IP address is private, to use the IP plus port so that the icons get cached by the server? E.g. a router also has a symbol, or any other web service.
Because right now they don't have one, e.g. my router: because you can't reach these services from outside, you can't fetch the icons as the "bitwarden.com icon server" and reply it back to the bitwarden_rs icon cache.
Or is it possible to customize the icons without switching the TTL off? Because non-internal icons should still be updated.
@jonathanmmm commented on GitHub (Jun 19, 2019):
@dani-garcia
Hi Dani-Garcia
I found out that I get icons from my router or my WD cloud storage.
Does the server get these icons directly from within the network?
Because the bitwarden.com icon server can't know which icon is needed by http://192.168.2.4, for example.
I have seen in another issue that bitwarden_rs is trying to directly connect to the server and not through the bitwarden.com server? Is the address something like http://192.168.2.4/icon.png, or which path does an icon have to be at to be shown in bitwarden (or is it per href in HTML)?
@mprasil commented on GitHub (Jun 19, 2019):
@jonathanmmm currently the icons are fetched directly from the server. (client sends request to server to get the icon, server will fetch it and cache it server-side) It will try to parse html to gather some possible sources of icons and then goes with the most optimal size. So yeah, if you host your server locally (or if it has route to your network) it should be able to load the favicon.
@BlackDex commented on GitHub (Jul 31, 2019):
@jonathanmmm regarding the ip+port part. That doesn't seem to be possible as far as I know. Since only the host is given without any path or port. Not even if it is https or http.
@mprasil commented on GitHub (Nov 11, 2019):
I believe this was implemented and by default bitwarden_rs does not fetch icons from IPs in the private IP range.
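The kind of check this thread asks for, as an added example that is not code from bitwarden_rs/vaultwarden: a server-side gate that refuses icon fetches to internal addresses, covering the IPv4 private ranges (the third one is 172.16.0.0/12, not all of 172.x.x.x), loopback, link-local and their IPv6 counterparts. The function names and the `resolved` parameter (addresses DNS returned for a hostname) are assumptions made for the illustration.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// IPv4 ranges an icon fetcher should not contact on a client's behalf.
fn v4_is_internal(ip: Ipv4Addr) -> bool {
    ip.is_private()           // 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
        || ip.is_loopback()   // 127.0.0.0/8
        || ip.is_link_local() // 169.254.0.0/16
        || ip.is_unspecified()
        || ip.is_broadcast()
}

fn v6_is_internal(ip: Ipv6Addr) -> bool {
    // ::ffff:a.b.c.d carries an IPv4 address; judge it by the IPv4 rules.
    if let Some(v4) = ip.to_ipv4_mapped() {
        return v4_is_internal(v4);
    }
    let first = ip.segments()[0];
    ip.is_loopback()
        || ip.is_unspecified()
        || (first & 0xfe00) == 0xfc00 // unique local, fc00::/7
        || (first & 0xffc0) == 0xfe80 // link-local, fe80::/10
}

pub fn is_internal(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4_is_internal(v4),
        IpAddr::V6(v6) => v6_is_internal(v6),
    }
}

/// Hypothetical gate. `host` is what the client sent (host only, no scheme,
/// port or path); `resolved` is what DNS returned when `host` is a name.
pub fn icon_fetch_allowed(host: &str, resolved: &[IpAddr]) -> bool {
    let bare = host.trim_start_matches('[').trim_end_matches(']');
    if let Ok(ip) = bare.parse::<IpAddr>() {
        return !is_internal(ip);
    }
    // A public-looking name can still resolve to an internal address, which a
    // hostname regex alone cannot see. Require every resolved address to pass.
    !resolved.is_empty() && resolved.iter().all(|ip| !is_internal(*ip))
}

fn main() {
    // Constructed sample hosts.
    for host in ["192.168.2.4", "172.16.0.9", "172.32.0.9", "127.0.0.1", "[fd00::1]"] {
        println!("{host:<12} allowed={}", icon_fetch_allowed(host, &[]));
    }
}
```
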