Can we get ride of the '/#/' in the URL?

[Nemirtingas]

Hi,

I've setup a pangolin (https://github.com/fosrl/pangolin) instance, and put my vaultwarden behind it. I'd like to disable pangolin only for the sends, so anybody can get access to the sends I create. Unfortunately, because the single page application is using hashs, the real url sent to the server is /, so I don't think there is a way actually for me to allow only "/#/send/". And I obviously doesn't want to unprotect that service.

If you got an idea on how I could do that, I'm all ears ;)

[BlackDex]

That is how these web pages work.
The /#/ part is never send to the server as you mentioned your self.

You could try to block everything but the send API calls.

[Nemirtingas]

Allowing /api/sends/access/* makes the api accessible, but I only get the send blob, I still need the webapp to transform that into a readable send 🤔