[GH-ISSUE #836] Grabbing wrong favicon #586

New issue

Closed

opened 2026-03-03 02:01:05 +03:00 by kerem · 3 comments

kerem commented 2026-03-03 02:01:05 +03:00

Owner

Copy link

Originally created by @Crow-Control on GitHub (Jan 30, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/836

Subject of the issue

It seems Bitwarden_rs always tries to download favicons from domain-root and ignores actual favicon settings on the login page. this leads to an abundance of errors/warnings and timeouts.

Your environment

• Bitwarden_rs version:

• Install method:
• Clients used:
• Reverse proxy and version:
• Version of mysql/postgresql:
• Other relevant information:

Steps to reproduce

Add a login for this site:
https://signin.netapp.com/oamext/login.html

Look at the logs, notice it tries to download the favicon from:
http://signin.netapp.com/favicon.ico
Notice how it fails to download the icon.

Now look at the page network tab, notice the actual URL for the favicon is:
https://signin.netapp.com/oamext/images/favicon.ico

Now look at the page source, notice that the favicon is described here:

 <link href="./images/favicon.ico" rel="icon" type="image/x-icon">
      <link href="./images/favicon.ico" rel="shortcut icon" type="image/x-icon">

Expected behaviour

It should respect the favicon setting of the login pages.

Actual behaviour

It always tries to grab domain-root favicons and totally ignores actual favicon settings.

Relevant logs

[2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Icon save error: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }
[2020-01-30 18:16:55][response][INFO] GET /icons/<domain>/icon.png (icon) => 200 OK
[2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Download failed for http://signin.netapp.com/favicon.ico
[2020-01-30 18:16:55][bitwarden_rs::api::icons][ERROR] Error downloading icon: Empty response
[2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Icon save error: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }

Originally created by @Crow-Control on GitHub (Jan 30, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/836 ### Subject of the issue It seems Bitwarden_rs always tries to download favicons from domain-root and ignores actual favicon settings on the login page. this leads to an abundance of errors/warnings and timeouts. ### Your environment <!-- The version number, obtained from the logs or the admin page --> * Bitwarden_rs version: <!-- How the server was installed: Docker image / package / built from source --> * Install method: * Clients used: <!-- if applicable --> * Reverse proxy and version: <!-- if applicable --> * Version of mysql/postgresql: <!-- if applicable --> * Other relevant information: ### Steps to reproduce Add a login for this site: https://signin.netapp.com/oamext/login.html Look at the logs, notice it tries to download the favicon from: `http://signin.netapp.com/favicon.ico` Notice how it fails to download the icon. Now look at the page network tab, notice the actual URL for the favicon is: `https://signin.netapp.com/oamext/images/favicon.ico` Now look at the page source, notice that the favicon is described here: ``` <link href="./images/favicon.ico" rel="icon" type="image/x-icon"> <link href="./images/favicon.ico" rel="shortcut icon" type="image/x-icon"> ``` ### Expected behaviour It should respect the favicon setting of the login pages. ### Actual behaviour It always tries to grab domain-root favicons and totally ignores actual favicon settings. ### Relevant logs ``` [2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Icon save error: Os { code: 13, kind: PermissionDenied, message: "Permission denied" } [2020-01-30 18:16:55][response][INFO] GET /icons/<domain>/icon.png (icon) => 200 OK [2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Download failed for http://signin.netapp.com/favicon.ico [2020-01-30 18:16:55][bitwarden_rs::api::icons][ERROR] Error downloading icon: Empty response [2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Icon save error: Os { code: 13, kind: PermissionDenied, message: "Permission denied" } ```

kerem closed this issue 2026-03-03 02:01:05 +03:00

kerem commented 2026-03-03 02:01:06 +03:00

Author

Owner

Copy link

@Crow-Control commented on GitHub (Jan 30, 2020):

This problem mostly shows with websites that host a login page on a sub page, but don't host anything on the login subdomain itself.

Another example:
https://signin.ea.com/ doesn't host anything (and errors out on the favicon too)
Because this is the real login page:
https://signin.ea.com/p/web2/login*LOGIN DATA STRING*

<!-- gh-comment-id:580375876 --> @Crow-Control commented on GitHub (Jan 30, 2020): This problem mostly shows with websites that host a login page on a sub page, but don't host anything on the login subdomain itself. Another example: `https://signin.ea.com/ ` doesn't host anything (and errors out on the favicon too) Because this is the real login page: `https://signin.ea.com/p/web2/login*LOGIN DATA STRING*`

kerem commented 2026-03-03 02:01:06 +03:00

Author

Owner

Copy link

@dani-garcia commented on GitHub (Jan 30, 2020):

Well the clients only send the subdomain and domain, in this case the server gets https://signin.netapp.com, so if the image can't be obtained from there then there isn't much we can do other than hardcode the value.

<!-- gh-comment-id:580430776 --> @dani-garcia commented on GitHub (Jan 30, 2020): Well the clients only send the subdomain and domain, in this case the server gets `https://signin.netapp.com`, so if the image can't be obtained from there then there isn't much we can do other than hardcode the value.

kerem commented 2026-03-03 02:01:06 +03:00

Author

Owner

Copy link

@Crow-Control commented on GitHub (Jan 30, 2020):

@dani-garcia Thats quite a major design oversight by upstream. As favicon locations are not actually standardised at all. But indeed, not yours to fix, you can't magically summon what you don't have.

Thanks for the reply :)

<!-- gh-comment-id:580437173 --> @Crow-Control commented on GitHub (Jan 30, 2020): @dani-garcia Thats quite a major design oversight by upstream. As favicon locations are not actually standardised at all. But indeed, not yours to fix, you can't magically summon what you don't have. Thanks for the reply :)

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#586

No description provided.