Grabbing wrong favicon #1831

Closed
opened 2025-10-09 17:32:05 +03:00 by OVERLORD · 3 comments
Owner

Originally created by @PrivatePuffin on GitHub.

Subject of the issue

It seems Bitwarden_rs always tries to download favicons from domain-root and ignores actual favicon settings on the login page. This leads to an abundance of errors/warnings and timeouts.

Your environment

  • Bitwarden_rs version:
  • Install method:
  • Clients used:
  • Reverse proxy and version:
  • Version of mysql/postgresql:
  • Other relevant information:

Steps to reproduce

Add a login for this site:
https://signin.netapp.com/oamext/login.html

Look at the logs, notice it tries to download the favicon from:
http://signin.netapp.com/favicon.ico
Notice how it fails to download the icon.

Now look at the page network tab, notice the actual URL for the favicon is:
https://signin.netapp.com/oamext/images/favicon.ico

Now look at the page source, notice that the favicon is described here:

    <link href="./images/favicon.ico" rel="icon" type="image/x-icon">
    <link href="./images/favicon.ico" rel="shortcut icon" type="image/x-icon">

Expected behaviour

It should respect the favicon setting of the login pages.

Actual behaviour

It always tries to grab domain-root favicons and totally ignores actual favicon settings.

Relevant logs

[2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Icon save error: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }
[2020-01-30 18:16:55][response][INFO] GET /icons/<domain>/icon.png (icon) => 200 OK
[2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Download failed for http://signin.netapp.com/favicon.ico
[2020-01-30 18:16:55][bitwarden_rs::api::icons][ERROR] Error downloading icon: Empty response
[2020-01-30 18:16:55][bitwarden_rs::api::icons][INFO] Icon save error: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }
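
An added illustration of the lookup the report above asks for (not part of the original issue and not vaultwarden / bitwarden_rs code): collect the `<link rel="icon">` hrefs a page declares, resolve them against the page URL, and keep the domain-root `/favicon.ico` only as a fallback. The names `IconLinkParser`, `root_favicon`, `icon_candidates` and `SAMPLE_HTML` are hypothetical, and the sample page is constructed around the two tags quoted in the issue.

```python
# Added illustration: not vaultwarden / bitwarden_rs code.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IconLinkParser(HTMLParser):
    """Collects href values of <link> tags whose rel token list includes 'icon'."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base_href is None:
            self.base_href = a["href"]  # <base href> changes how relative URLs resolve
        elif tag == "link" and a.get("href"):
            rel_tokens = (a.get("rel") or "").lower().split()
            if "icon" in rel_tokens and a["href"] not in self.hrefs:
                self.hrefs.append(a["href"])


def root_favicon(url):
    """Domain-root fallback: the only candidate when just the host is known."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}/favicon.ico"


def icon_candidates(page_url, html):
    """Declared icons resolved against the page URL, then the root fallback."""
    parser = IconLinkParser()
    parser.feed(html)
    base = urljoin(page_url, parser.base_href) if parser.base_href else page_url
    found = [urljoin(base, href) for href in parser.hrefs]
    fallback = root_favicon(page_url)
    if fallback not in found:
        found.append(fallback)
    return found


# Constructed sample: the two <link> tags quoted in the issue, in a minimal page.
SAMPLE_HTML = """<html><head>
<link href="./images/favicon.ico" rel="icon" type="image/x-icon">
<link href="./images/favicon.ico" rel="shortcut icon" type="image/x-icon">
</head><body></body></html>"""

if __name__ == "__main__":
    page = "https://signin.netapp.com/oamext/login.html"
    for url in icon_candidates(page, SAMPLE_HTML):
        print(url)
```

The relative `./images/favicon.ico` only resolves to the working URL when the full login page path is the base, which is the information the clients do not send.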

Author
Owner

@dani-garcia commented on GitHub:

Well the clients only send the subdomain and domain, in this case the server gets https://signin.netapp.com, so if the image can't be obtained from there then there isn't much we can do other than hardcode the value.

Author
Owner

@PrivatePuffin commented on GitHub:

This problem mostly shows with websites that host a login page on a sub page, but don't host anything on the login subdomain itself.

Another example:
https://signin.ea.com/ doesn't host anything (and errors out on the favicon too)
Because this is the real login page:
https://signin.ea.com/p/web2/login*LOGIN DATA STRING*

Author
Owner

@PrivatePuffin commented on GitHub:

@dani-garcia That's quite a major design oversight by upstream. As favicon locations are not actually standardised at all. But indeed, not yours to fix, you can't magically summon what you don't have.

Thanks for the reply :)


Reference: starred/vaultwarden#1831