[PR #2624] [MERGED] Fix issue with CSP and icon redirects #3122

New issue

Closed

opened 2026-03-03 09:25:57 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 09:25:57 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/2624
Author: @BlackDex
Created: 7/17/2022
Status: ✅ Merged
Merged: 7/17/2022
Merged by: @dani-garcia

Base: main ← Head: fix-2623-csp-icon-redirect

---

📝 Commits (1)

• 0f95bdc Fix issue with CSP and icon redirects

📊 Changes

3 files changed (+47 additions, -32 deletions)

View changed files

📝 src/api/icons.rs (+3 -21)
📝 src/config.rs (+32 -0)
📝 src/util.rs (+12 -11)

📄 Description

When using anything else but the internal icon service it would
trigger an CSP block because the redirects were not allowed.

This PR fixes #2623 by dynamically adding the needed CSP strings.
This should also work with custom services.

For Google i needed to add an extra check because that does a redirect
it self to there gstatic.com domain.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/2624 **Author:** [@BlackDex](https://github.com/BlackDex) **Created:** 7/17/2022 **Status:** ✅ Merged **Merged:** 7/17/2022 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `fix-2623-csp-icon-redirect` --- ### 📝 Commits (1) - [`0f95bdc`](https://github.com/dani-garcia/vaultwarden/commit/0f95bdc9bbf7949ca8bf436c088d5e09ea2c6e82) Fix issue with CSP and icon redirects ### 📊 Changes **3 files changed** (+47 additions, -32 deletions) <details> <summary>View changed files</summary> 📝 `src/api/icons.rs` (+3 -21) 📝 `src/config.rs` (+32 -0) 📝 `src/util.rs` (+12 -11) </details> ### 📄 Description When using anything else but the `internal` icon service it would trigger an CSP block because the redirects were not allowed. This PR fixes #2623 by dynamically adding the needed CSP strings. This should also work with custom services. For Google i needed to add an extra check because that does a redirect it self to there gstatic.com domain. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 09:25:57 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-03-03 09:41:58 +03:00

[PR #3122] [CLOSED] Bump tokio from 1.23.0 to 1.23.1 #3221

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#3122

No description provided.