[GH-ISSUE #681] Excluded domain rules still in effect #457

New issue

Closed

opened 2026-03-03 01:29:20 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 01:29:20 +03:00

Owner

Originally created by @patrickli on GitHub (Oct 24, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/681

In the web vault you can configure domain rules for equivalent domains. This works for extra custom domains. But if I want to exclude a predefined Global Equivalent Domains, the logins for excluded domains are still listed together.

For example:

Exclude item mi.com, xiaomi.com from the vault.
Create one item for mi.com, one item for xiaomi.com.
Force sync browser extension.
Visit mi.com.

Expected Outcome:
Only item for mi.com is listed in the extension.

Actual Outcome:
Both items are listed.

This is tested on the Chrome extension. Tested with official bitwarden vault and it does not have this problem. Browser extension honored the exclusion correctly.

Originally created by @patrickli on GitHub (Oct 24, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/681 In the web vault you can configure domain rules for equivalent domains. This works for extra custom domains. But if I want to exclude a predefined `Global Equivalent Domains`, the logins for excluded domains are still listed together. For example: 1. Exclude item `mi.com, xiaomi.com` from the vault. 2. Create one item for `mi.com`, one item for `xiaomi.com`. 3. Force sync browser extension. 4. Visit `mi.com`. Expected Outcome: Only item for `mi.com` is listed in the extension. Actual Outcome: Both items are listed. This is tested on the Chrome extension. Tested with official bitwarden vault and it does not have this problem. Browser extension honored the exclusion correctly.

kerem closed this issue

2026-03-03 01:29:20 +03:00

kerem commented

2026-03-03 01:29:21 +03:00

Author

Owner

@patrickli commented on GitHub (Nov 3, 2019):

Had a dig myself today.

According to the syncService, it simply adds all that is returned from /api/sync to the EquivalentDomains setting.

There is a difference in the returned values between the official API and this implementation.

Official Implementation
Under the GlobalEquivalentDomains key, no excluded domains are returned.

bitwarden_rs Implementation
All domains including the excluded are returned, with an extra Excluded attribute indicating whether the item is excluded. In fact the official implementation does not have the Excluded and Type attributes at all.

So the fix is to change the logic here and add a filter to remove all excluded items. Or this can be done as an extra parameter at get_eq_domains.

Sorry I can't code rust otherwise will try to do a PR.

@patrickli commented on GitHub (Nov 3, 2019): Had a dig myself today. According to the [syncService](https://github.com/bitwarden/jslib/blob/master/src/services/sync.service.ts#L294), it simply adds all that is returned from `/api/sync` to the `EquivalentDomains` setting. There is a difference in the returned values between the official API and this implementation. Official Implementation Under the `GlobalEquivalentDomains` key, no excluded domains are returned. bitwarden_rs Implementation All domains including the excluded are returned, with an extra `Excluded` attribute indicating whether the item is excluded. In fact the official implementation does not have the `Excluded` and `Type` attributes at all. So the fix is to change the logic [here](https://github.com/dani-garcia/bitwarden_rs/blob/master/src/api/core/ciphers.rs#L91) and add a filter to remove all excluded items. Or this can be done as an extra parameter at [`get_eq_domains`](https://github.com/dani-garcia/bitwarden_rs/blob/master/src/api/core/mod.rs#L83). Sorry I can't code rust otherwise will try to do a PR.