Wrong domain URL in general settings break the admin panel #1262

New Issue

Closed

opened 2026-02-05 00:24:20 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2026-02-05 00:24:20 +03:00

Owner

Copy Link

Originally created by @mh4ckt3mh4ckt1c4s on GitHub (Apr 30, 2022).

Subject of the issue

When using a wrong value in the URL Domain parameter of the General settings of the admin panel, saving this parameter break the admin panel. The CSS and images are not loaded anymore, and the parameters can't be changed (saving is resulting to an unknown error). Also, you will never be able to log in the admin panel again once you logged out after this bug.

Deployment environment

• Vaultwarden version: v1.24.0

• Web-vault version: v2.25.1

• Running within Docker: true (Base: Debian)

• Clients used: Web client

• MySQL/MariaDB or PostgreSQL version: SQLite 3.35.4

Steps to reproduce

• start an instance of the server with admin panel enabled : sudo docker run vaultwarden/server -e ADMIN_TOKEN=1234
• Access to the admin interface and enter the token
• Change the URL Domain in the General settings to an invalid value (eg. http://mydomain/com)

Expected behaviour

The invalid URL is signaled and the parameters are not saved. Also, the page is not breaking.

Actual behaviour

The parameter is saved, effectively breaking the admin panel as described before.

Troubleshooting data

It seems that it is the / character that is breaking the panel. However, it should be investigated if other characters / patterns can also make the panel break.

Originally created by @mh4ckt3mh4ckt1c4s on GitHub (Apr 30, 2022). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> When using a wrong value in the URL Domain parameter of the General settings of the admin panel, saving this parameter break the admin panel. The CSS and images are not loaded anymore, and the parameters can't be changed (saving is resulting to an unknown error). Also, you will never be able to log in the admin panel again once you logged out after this bug. ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * Vaultwarden version: v1.24.0 * Web-vault version: v2.25.1 * Running within Docker: true (Base: Debian) * Clients used: Web client <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> * MySQL/MariaDB or PostgreSQL version: SQLite 3.35.4<!-- if applicable --> ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> * start an instance of the server with admin panel enabled : `sudo docker run vaultwarden/server -e ADMIN_TOKEN=1234` * Access to the admin interface and enter the token * Change the URL Domain in the General settings to an invalid value (eg. `http://mydomain/com`) ### Expected behaviour <!-- Tell us what you expected to happen --> The invalid URL is signaled and the parameters are not saved. Also, the page is not breaking. ### Actual behaviour <!-- Tell us what actually happened --> The parameter is saved, effectively breaking the admin panel as described before. ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data --> It seems that it is the / character that is breaking the panel. However, it should be investigated if other characters / patterns can also make the panel break.

OVERLORD closed this issue 2026-02-05 00:24:21 +03:00

OVERLORD commented 2026-02-05 00:24:24 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Apr 30, 2022):

That is expected behavior since we support running Vaultwarden under a sub-path also instead of only a sub-domain.
The DOMAIN variable is used to ensure all the links are pointing to the correct endpoint.

Not having the correct DOMAIN variable set could leads to issues with attachments, sends, but also the admin as you have experienced.

You should still be able to access the admin interface though, although no styling is shown, the javascript part still works and you should be able to fix this by searching for DOMAIN and change it back to what it was. That should fix it, or you need to fix it manually by editing the config.json file within your data folder.

We can't go and try to detect a / in there, since we do support that. And we can't really detect if you make a mistake or not.

@BlackDex commented on GitHub (Apr 30, 2022): That is expected behavior since we support running Vaultwarden under a sub-path also instead of only a sub-domain. The `DOMAIN` variable is used to ensure all the links are pointing to the correct endpoint. Not having the correct `DOMAIN` variable set could leads to issues with attachments, sends, but also the admin as you have experienced. You should still be able to access the admin interface though, although no styling is shown, the javascript part still works and you should be able to fix this by searching for `DOMAIN` and change it back to what it was. That should fix it, or you need to fix it manually by editing the `config.json` file within your data folder. We can't go and try to detect a `/` in there, since we do support that. And we can't really detect if you make a mistake or not.

OVERLORD referenced this issue 2026-02-05 05:02:52 +03:00

[PR #1262] [MERGED] Updated icon downloading. #2903

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1262