Not considering the situation when the user domain name starts with “admin”. #3415
Comments
So, you internally redirect Since this is a feature request, I tend to move this to the discussions > ideas. |
Could you provide your reverse proxy config? And what you configured as your And, provide an answer to my question above please too. |
The additional statement has the meaning of some feature request, but the previous part was a bug. |
Yes, you are right. Everything worked fine in the previous version. The newly introduced |
You can put everything in a single comment 😉. |
@BlackDex If you have vaultwarden/src/static/scripts/admin.js Line 14 in 0b28ab3
will find the first /admin instead of the second.
So we should probably use

```
baseUrl = "https://admin.example.com/admin"
"https://admin.example.com/admin"
baseUrl.indexOf('/admin')
7
baseUrl.lastIndexOf('/admin')
25
```
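The `indexOf`/`lastIndexOf` difference discussed above, as an added example that is not part of the thread or of vaultwarden's code. The function names are hypothetical: `baseUrlFirstMatch` is an assumed reconstruction that reproduces the `https:/` result reported in the issue, and `baseUrlFromPath` is an assumed alternative that searches only the URL path.

```javascript
// Added illustration; all function names are hypothetical, not vaultwarden's.

// Assumed reconstruction of the reported behaviour: cut the page URL at the
// first "/admin" found anywhere in the string, host name included.
function baseUrlFirstMatch(href) {
    return href.substring(0, href.indexOf("/admin"));
}

// Variant suggested in the thread: cut at the last "/admin" instead.
function baseUrlLastMatch(href) {
    return href.substring(0, href.lastIndexOf("/admin"));
}

// Assumed alternative: parse the URL and look only at whole path segments,
// so neither the host name nor the query string can ever match.
function baseUrlFromPath(href) {
    const url = new URL(href);
    const segments = url.pathname.split("/");
    const idx = segments.indexOf("admin");
    if (idx === -1) {
        throw new Error("not an admin page URL: " + href);
    }
    return url.origin + segments.slice(0, idx).join("/");
}

// Constructed sample URLs (domains taken from the issue text).
const samples = [
    "https://abc.com/admin",
    "https://admin.abc.com/admin",
    "https://adminxxx.com/admin/users/overview",
    "https://admin.abc.com/sub/admin/diagnostics",
    "https://abc.com/admin/users/overview?q=/admin",
];

// Run all three derivations over every sample for side-by-side comparison.
function compare() {
    return samples.map((href) => ({
        href,
        first: baseUrlFirstMatch(href),
        last: baseUrlLastMatch(href),
        path: baseUrlFromPath(href),
    }));
}

console.table(compare());
```

The last sample shows that a plain `lastIndexOf` can also cut in the wrong place when `/admin` appears after the path, which the path-segment variant avoids.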
I replaced my front-end domain name with |
Ah, well, that is clear info, thx @stefan0xC. And we did need the extra info, since the OP removes |
In my use case, there is no |
I think you understand my situation now, thank you very much. At present, it seems that you don't need to fix anything to the main program, except for |
I don't understand why not just use it this way: |
That doesn't work as far as I know, since fetch needs a FQDN. Anyways, I think we have the right info to try and see if we can fix this. |
I did some quick testing. And the problem lies more in that you do not use So, if you use this for example, that should solve your issues.

```nginx
location /vault {
    proxy_pass http://127.0.0.1:8080/admin;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # Replace cookie path so authentication still works
    proxy_cookie_path /admin /vault;
    # Rewrite the /admin paths in the response body to /vault
    sub_filter "/vw_static" "//$host/vw_static";
    sub_filter "/admin/" "/vault/";
    sub_filter "\"/admin\"" "\"/vault\"";
    sub_filter_once off;
    # more_set_headers is provided by the headers-more module
    more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' abc.com; img-src 'self' data: abc.com https://haveibeenpwned.com/ https://www.gravatar.com ; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' https://api.pwnedpasswords.com/range/ https://2fa.directory/api/ https://app.simplelogin.io/api/ https://app.anonaddy.com/api/ https://relay.firefox.com/api/; object-src 'self' blob:; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ;";
}
location /vw_static {
    proxy_pass http://127.0.0.1:8080/vw_static;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # sub_filter only processes text/html by default; include the JavaScript assets too
    sub_filter_types "application/javascript";
    sub_filter "/vw_static" "//$host/vw_static";
    sub_filter "/admin/" "/vault/";
    sub_filter "\"/admin\"" "\"/vault\"";
    sub_filter_once off;
    more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' admin.bwrsdev.vyus.nl; style-src 'self' 'unsafe-inline' abc.com; img-src 'self' data: abc.com https://haveibeenpwned.com/ https://www.gravatar.com ; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' https://api.pwnedpasswords.com/range/ https://2fa.directory/api/ https://app.simplelogin.io/api/ https://app.anonaddy.com/api/ https://relay.firefox.com/api/; object-src 'self' blob:; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ;";
}
```

I'm not planning on adding something flexible to change the I already have a fix so it will not replace the starting |
Thanks. |
I found an issue when I specified Update: Actually, I noticed that many settings are reset to default values after every time I save the settings. |
- Fixed issue with domains starting with `admin`
- Fixed issue with DUO not being enabled globally anymore (regression)
- Renamed `Ciphers` to `Entries` in overview
- Improved `ADMIN_TOKEN` description
- Updated jquery-slim and datatables

Resolves dani-garcia#3382
Resolves dani-garcia#3415
Resolves discussion on dani-garcia#3288
Subject of the issue
The file "admin.js" contains the following code:
If the domain name is `abc.com`, the function returns `https://abc.com`. But if the domain name is `admin.abc.com` or just `adminxxx.com`, the function returns `https:/`. This is not the expected value.

Additional statements
In addition, I hope you can consider the following discussion when fixing this issue. It is possible not to provide relevant functions, but please do not undermine the currently feasible workarounds.
#1494 (comment)
If my domain name is `abc.com`, in my use case, my background address is `https://admin.abc.com/vault`.