Issues with Icons from Websites

tweak · November 19, 2023, 11:46am

Hello,
I have an on-prem Vaultwarden instance running and the problem is that the icons are not loading.

Either there is something wrong with the settings or I don’t understand how it works.

Is it correct that the server tries to access every website that has a password and thus cache the icon?
If so, that would mean that I would have to let a password safe into the Internet using 443/tcp and 80/tcp.

I actually thought the addressed address for this was icons.bitwarden.com?
However, I don’t see any calls on my firewall.

Thanks for the help!
Best regards

BlackDex · November 19, 2023, 12:12pm

Icons are loaded by Vaultwarden it self by default.
Check /admin/diagnostics if you have internet access.

tweak · November 19, 2023, 2:15pm

No i didn’t have internet access.
So its true that my vaultwarden password-safe trys to get the icons from every url I enter?

BlackDex · November 19, 2023, 3:47pm

Yes, how else would it gather those

If you do not want Vaultwarden to fetch them locally, you can also configure redirects which then either use icons.bitwarden.com, google, duckduckgo or anything else which can provide this via some URL you can configure your self.

tweak · November 19, 2023, 4:00pm

Ok,
I thought, this will be done with the only url “icons.bitwarden.com”.
So I can setup a dns-based firewall-rule which only allows this destination.

But not to all kinds of destinations?

If i try to go to https://icons.bitwarden.com/google.com/icon.png → i get the correct icon, so it should work with this?

Are there any documentation about configuring the icons?

BlackDex · November 19, 2023, 4:13pm

If you enable the redirects Vaultwarden send a redirect to the browser/client and they then use that.

github.com

dani-garcia/vaultwarden/blob/48836501bf348386d9bb1378fb56db33c19d3732/.env.template#L188..L199


      
          ## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
          ## this setting only prevents Vaultwarden from automatically enabling it on start.
          ## Please read project wiki page about this setting first before changing the value as it can
          ## cause performance degradation or might render the service unable to start.
          # ENABLE_DB_WAL=true
          
          ## Database connection retries
          ## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely
          # DB_CONNECTION_RETRIES=15
          
          ## Icon service
          ## The predefined icon services are: internal, bitwarden, duckduckgo, google.
          ## To specify a custom icon service, set a URL template with exactly one instance of `{}`,
          ## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`.
          ##
          ## `internal` refers to Vaultwarden's built-in icon fetching implementation.
          ## If an external service is set, an icon request to Vaultwarden will return an HTTP
          ## redirect to the corresponding icon at the external service. An external service may
          ## be useful if your Vaultwarden instance has no external network connectivity, or if
          ## you are concerned that someone may probe your instance to try to detect whether icons
          ## for certain sites have been cached.

tweak · November 19, 2023, 4:20pm

Thanks for this Information!
If I configrure it this way, the client will capture the icons, right?
Otherwise the server would get it?

BlackDex · November 19, 2023, 4:33pm

Indeed. Though, the server still gets the request, but it doesn’t fetch them.it self.

tweak · November 19, 2023, 4:38pm

One last question, is it possible to use the server as cache? So the Server gets the icons e.g. from duckduckgo and puts them in his cache.
Every Client will get the icons now from the server?

Thx

BlackDex · November 19, 2023, 5:24pm

No, that isn’t currently possible.

ShadowPulse · December 1, 2023, 1:37pm

From what I see, I suggest you review your Vaultwarden server settings. Ensure that the icon fetching feature is enabled. There should be a setting related to favicon downloading or icon fetching.

Topic		Replies	Views
Web icons on Bitwarden Android Help	17	1619	November 16, 2021
RFC: Use external icon sources Feature Requests	4	720	March 22, 2021
iOS App not showing vault item icons Help	11	502	February 9, 2023
Browser bitwarden addon wont login Help	7	2801	April 15, 2024
Has anyone else been flagged by google as being "deceptive"? Help	4	610	March 24, 2023

Issues with Icons from Websites

Related Topics