Issues with Icons from Websites

tweak · November 19, 2023, 11:46am

Hello,
I have an on-prem Vaultwarden instance running and the problem is that the icons are not loading.

Either there is something wrong with the settings or I don’t understand how it works.

Is it correct that the server tries to access every website that has a password and thus cache the icon?
If so, that would mean that I would have to let a password safe into the Internet using 443/tcp and 80/tcp.

I actually thought the addressed address for this was icons.bitwarden.com?
However, I don’t see any calls on my firewall.

Thanks for the help!
Best regards

BlackDex · November 19, 2023, 12:12pm

Icons are loaded by Vaultwarden it self by default.
Check /admin/diagnostics if you have internet access.

tweak · November 19, 2023, 2:15pm

No i didn’t have internet access.
So its true that my vaultwarden password-safe trys to get the icons from every url I enter?

BlackDex · November 19, 2023, 3:47pm

Yes, how else would it gather those

If you do not want Vaultwarden to fetch them locally, you can also configure redirects which then either use icons.bitwarden.com, google, duckduckgo or anything else which can provide this via some URL you can configure your self.

tweak · November 19, 2023, 4:00pm

Ok,
I thought, this will be done with the only url “icons.bitwarden.com”.
So I can setup a dns-based firewall-rule which only allows this destination.

But not to all kinds of destinations?

If i try to go to https://icons.bitwarden.com/google.com/icon.png → i get the correct icon, so it should work with this?

Are there any documentation about configuring the icons?

BlackDex · November 19, 2023, 4:13pm

If you enable the redirects Vaultwarden send a redirect to the browser/client and they then use that.

github.com

dani-garcia/vaultwarden/blob/48836501bf348386d9bb1378fb56db33c19d3732/.env.template#L188..L199


      
          ## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
          ## this setting only prevents Vaultwarden from automatically enabling it on start.
          ## Please read project wiki page about this setting first before changing the value as it can
          ## cause performance degradation or might render the service unable to start.
          # ENABLE_DB_WAL=true
          
          ## Database connection retries
          ## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely
          # DB_CONNECTION_RETRIES=15
          
          ## Icon service
          ## The predefined icon services are: internal, bitwarden, duckduckgo, google.
          ## To specify a custom icon service, set a URL template with exactly one instance of `{}`,
          ## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`.
          ##
          ## `internal` refers to Vaultwarden's built-in icon fetching implementation.
          ## If an external service is set, an icon request to Vaultwarden will return an HTTP
          ## redirect to the corresponding icon at the external service. An external service may
          ## be useful if your Vaultwarden instance has no external network connectivity, or if
          ## you are concerned that someone may probe your instance to try to detect whether icons
          ## for certain sites have been cached.

tweak · November 19, 2023, 4:20pm

Thanks for this Information!
If I configrure it this way, the client will capture the icons, right?
Otherwise the server would get it?

BlackDex · November 19, 2023, 4:33pm

Indeed. Though, the server still gets the request, but it doesn’t fetch them.it self.

tweak · November 19, 2023, 4:38pm

One last question, is it possible to use the server as cache? So the Server gets the icons e.g. from duckduckgo and puts them in his cache.
Every Client will get the icons now from the server?

Thx

BlackDex · November 19, 2023, 5:24pm

No, that isn’t currently possible.

ShadowPulse · December 1, 2023, 1:37pm

From what I see, I suggest you review your Vaultwarden server settings. Ensure that the icon fetching feature is enabled. There should be a setting related to favicon downloading or icon fetching.

Topic		Replies	Views
Vaultwarden flagged as unsafe by Google Help	4	1293	July 13, 2023
Web icons on Bitwarden Android Help	17	1781	November 16, 2021
"encrypt" filenames in "icon_cache" directory Feature Requests	2	848	August 12, 2021
No favicon / No user icon Help	1	36	December 10, 2024
Vaultwarden communicating with sites stored in vault	2	204	October 23, 2023

Issues with Icons from Websites

Related topics