[PR #2918] [MERGED] Set "Bypass admin page security" as read-only #3183

New issue

Closed

opened 2026-03-03 09:41:46 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 09:41:46 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/2918
Author: @BlackDex
Created: 11/14/2022
Status: ✅ Merged
Merged: 11/27/2022
Merged by: @dani-garcia

Base: main ← Head: issue-2761

---

📝 Commits (1)

• b141f78 Set "Bypass admin page security" as read-only

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 src/config.rs (+1 -1)

📄 Description

It was possible to disable the admin security via the admin interface. This is kinda insecure as mentioned in #2761.

This PR set this value as read-only and admin's need to set the correct ENV variable. Currently saved settings which do override this are still valid though. If an admin want's this removed, they either need to reset the config, or change the value in the config.json file.

Fixes #2761

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/2918 **Author:** [@BlackDex](https://github.com/BlackDex) **Created:** 11/14/2022 **Status:** ✅ Merged **Merged:** 11/27/2022 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `issue-2761` --- ### 📝 Commits (1) - [`b141f78`](https://github.com/dani-garcia/vaultwarden/commit/b141f789f6905006bcf07546223bc632b453e421) Set "Bypass admin page security" as read-only ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `src/config.rs` (+1 -1) </details> ### 📄 Description It was possible to disable the admin security via the admin interface. This is kinda insecure as mentioned in #2761. This PR set this value as read-only and admin's need to set the correct ENV variable. Currently saved settings which do override this are still valid though. If an admin want's this removed, they either need to reset the config, or change the value in the `config.json` file. Fixes #2761 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 09:41:46 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#3183

No description provided.