[GH-ISSUE #843] Add env/config option to allow additional iframe ancestors #594

New issue

Closed

opened 2026-03-03 02:01:08 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 02:01:08 +03:00

Owner

Originally created by @Crow-Control on GitHub (Feb 1, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/843

In some cases someone might want to include bitwarden into another website by iframe.
While there are a lot of cases where this idea is insanely stupid, it might be interesting in cases where a secure intranet website is used such as next-cloud.

This is not a problem in itself, but currently the code doesn't allow ANY iframe except from itself and the chrome extention.

github.com/dani-garcia/bitwarden_rs@d212dfe735/src/util.rs (L26)

I suggest keeping the current setting, but adding a variable that grabs any additional options in a config options or env. variable.

It should be relatively easy to do but increase the useability considerably.

Originally created by @Crow-Control on GitHub (Feb 1, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/843 In some cases someone might want to include bitwarden into another website by iframe. While there are a lot of cases where this idea is insanely stupid, it might be interesting in cases where a secure intranet website is used such as next-cloud. This is not a problem in itself, but currently the code doesn't allow ANY iframe except from itself and the chrome extention. https://github.com/dani-garcia/bitwarden_rs/blob/d212dfe735e59128667a4c579e52ce7e86b53a94/src/util.rs#L26 I suggest keeping the current setting, but adding a variable that grabs any additional options in a config options or env. variable. It should be relatively easy to do but increase the useability considerably.