[PR #3870] Multiple domains support #3354

New issue

Open

opened 2026-03-03 09:58:31 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 09:58:31 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/3870
Author: @BlockListed
Created: 9/9/2023
Status: 🔄 Open

Base: main ← Head: multiple-domains-support

---

📝 Commits (10+)

• 80d3c61 add configuration support for multiple domains
• 40edfa5 implement mutli domain support for auth headers
• 303eb30 remove domain_paths hashmap, since it's no longer used
• 17923c3 replace domain with base_url
• 0ebd877 make admin work with multi-domains
• 2c7b739 make fido app-id.json work with multi-domains
• e313745 make domain protocol validation work with multi-domains
• 0d7e678 make mail work with multi-domains
• 5462b97 make cors work with multi-domains
• f82a142 get domain and origin with single extractor

📊 Changes

17 files changed (+354 additions, -167 deletions)

View changed files

📝 src/api/admin.rs (+14 -9)
📝 src/api/core/accounts.rs (+11 -9)
📝 src/api/core/ciphers.rs (+11 -11)
📝 src/api/core/emergency_access.rs (+1 -1)
📝 src/api/core/mod.rs (+2 -1)
📝 src/api/core/organizations.rs (+5 -5)
📝 src/api/core/public.rs (+5 -3)
📝 src/api/core/sends.rs (+3 -3)
📝 src/api/core/two_factor/webauthn.rs (+45 -25)
📝 src/api/identity.rs (+30 -9)
📝 src/api/web.rs (+6 -3)
📝 src/auth.rs (+84 -39)
📝 src/config.rs (+89 -15)
📝 src/db/models/attachment.rs (+4 -4)
📝 src/db/models/cipher.rs (+3 -3)
📝 src/mail.rs (+28 -24)
📝 src/util.rs (+13 -3)

📄 Description

Fixes #2690

Very WIP PR, I just want some feedback about my approach for now.

I am planning to go with the allowed domains approach.

Overview:

• We create 2 Hashmaps, which map the Host header to either Domain or Origin.
• We create a hashmap, which maps the Host header to a combination of Domain and Origin.

Limitations:

• All domains have to have the same path, because otherwise we would need one web server instance for each different path.

Future:
- Change JWT system to create tokens, which work for a single domain.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/3870 **Author:** [@BlockListed](https://github.com/BlockListed) **Created:** 9/9/2023 **Status:** 🔄 Open **Base:** `main` ← **Head:** `multiple-domains-support` --- ### 📝 Commits (10+) - [`80d3c61`](https://github.com/dani-garcia/vaultwarden/commit/80d3c61cc2b7098a3dd7750a4ab68590d7510dcf) add configuration support for multiple domains - [`40edfa5`](https://github.com/dani-garcia/vaultwarden/commit/40edfa59900a828de65ec1702dbbc10bedfcc086) implement mutli domain support for auth headers - [`303eb30`](https://github.com/dani-garcia/vaultwarden/commit/303eb30ae4fc64afbb404b05db71705701a26709) remove domain_paths hashmap, since it's no longer used - [`17923c3`](https://github.com/dani-garcia/vaultwarden/commit/17923c3fd0ca24a1d537c3e1e0d446f847ed0609) replace domain with base_url - [`0ebd877`](https://github.com/dani-garcia/vaultwarden/commit/0ebd877fb86741ac16019ccdddcebdd6bdda3bfa) make admin work with multi-domains - [`2c7b739`](https://github.com/dani-garcia/vaultwarden/commit/2c7b739d497d44590525a9611935ee913b705a55) make fido app-id.json work with multi-domains - [`e313745`](https://github.com/dani-garcia/vaultwarden/commit/e313745f7c8d90b4dc6d3c350faef8e08af2ecd3) make domain protocol validation work with multi-domains - [`0d7e678`](https://github.com/dani-garcia/vaultwarden/commit/0d7e678c2ee415cfc47e6455cfdbb1aed8d0177d) make mail work with multi-domains - [`5462b97`](https://github.com/dani-garcia/vaultwarden/commit/5462b97c26cd7b8426919aee5bb6d5761299d15f) make cors work with multi-domains - [`f82a142`](https://github.com/dani-garcia/vaultwarden/commit/f82a142ceed15f425e92c877abc11b4f5b3a0294) get domain and origin with single extractor ### 📊 Changes **17 files changed** (+354 additions, -167 deletions) <details> <summary>View changed files</summary> 📝 `src/api/admin.rs` (+14 -9) 📝 `src/api/core/accounts.rs` (+11 -9) 📝 `src/api/core/ciphers.rs` (+11 -11) 📝 `src/api/core/emergency_access.rs` (+1 -1) 📝 `src/api/core/mod.rs` (+2 -1) 📝 `src/api/core/organizations.rs` (+5 -5) 📝 `src/api/core/public.rs` (+5 -3) 📝 `src/api/core/sends.rs` (+3 -3) 📝 `src/api/core/two_factor/webauthn.rs` (+45 -25) 📝 `src/api/identity.rs` (+30 -9) 📝 `src/api/web.rs` (+6 -3) 📝 `src/auth.rs` (+84 -39) 📝 `src/config.rs` (+89 -15) 📝 `src/db/models/attachment.rs` (+4 -4) 📝 `src/db/models/cipher.rs` (+3 -3) 📝 `src/mail.rs` (+28 -24) 📝 `src/util.rs` (+13 -3) </details> ### 📄 Description Fixes #2690 Very WIP PR, I just want some feedback about my approach for now. I am planning to go with the allowed domains approach. Overview: - ~~We create 2 Hashmaps, which map the Host header to either Domain or Origin.~~ - We create a hashmap, which maps the Host header to a combination of Domain and Origin. Limitations: - All domains have to have the same path, because otherwise we would need one web server instance for each different path. Future: ~~- Change JWT system to create tokens, which work for a single domain.~~ --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem added the

pull-request

label 2026-03-03 09:58:31 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#3354

No description provided.