[PR #4500] [MERGED] Fix public api for domains with path prefix #2810

Closed
opened 2025-10-09 18:11:57 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/4500
Author: @FDHoho007
Created: 4/12/2024
Status: Merged
Merged: 5/19/2024
Merged by: @dani-garcia

Base: main ← Head: main


📝 Commits (1)

  • e7314dd Fix public api for domains with path prefix

📊 Changes

1 file changed (+2 additions, -6 deletions)


📝 src/api/core/public.rs (+2 -6)

📄 Description

Vaultwarden is currently unable to handle the Bitwarden Directory Connector when the base domain includes a path prefix.
Example:
DOMAIN=https://example.com/ -> works
DOMAIN=https://example.com/vault/ -> doesn't work
Vaultwarden rejects the token issued seconds before with the error message "Token not issued by this server".
This message is thrown when the token issuer check fails. When an organization API token is issued, the iss attribute follows the scheme "domain_origin|scope". But when the issuer is checked in api/core/public.rs, the iss attribute is expected to contain "domain|scope".
When using a domain with a path prefix, this leads to conflicts. To fix this, I replaced the domain check with a domain_origin check, as issued in auth.rs.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
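The issuer mismatch described in the PR, as an added example that is not Vaultwarden's code: the token is issued with `domain_origin|scope`, and the two functions compare it against the full domain (before) and against the origin (after). All function names and the scope value `example.scope` are hypothetical, and trimming the trailing slash from the configured domain is an assumption of this sketch.

```rust
// Added illustration; helper names are hypothetical, not Vaultwarden's code.

/// Scheme + host (+ port) of a URL, with any path prefix dropped.
fn domain_origin(domain: &str) -> String {
    let (scheme, rest) = match domain.split_once("://") {
        Some(parts) => parts,
        None => return domain.trim_end_matches('/').to_string(),
    };
    // Everything up to the first '/' after the scheme is the authority.
    let authority = rest.split('/').next().unwrap_or("");
    format!("{}://{}", scheme, authority)
}

/// Issuer string in the "domain_origin|scope" scheme used at issuance.
fn issue_iss(domain: &str, scope: &str) -> String {
    format!("{}|{}", domain_origin(domain), scope)
}

/// Check before the fix: expects "domain|scope", path prefix included.
/// Assumption: the configured domain is compared without a trailing slash.
fn check_before(domain: &str, scope: &str, iss: &str) -> bool {
    iss == format!("{}|{}", domain.trim_end_matches('/'), scope)
}

/// Check after the fix: expects "domain_origin|scope", same as issuance.
fn check_after(domain: &str, scope: &str, iss: &str) -> bool {
    iss == issue_iss(domain, scope)
}

fn main() {
    let scope = "example.scope"; // constructed sample value
    for domain in ["https://example.com/", "https://example.com/vault/"].iter() {
        let iss = issue_iss(domain, scope);
        println!(
            "DOMAIN={} iss={} before={} after={}",
            domain,
            iss,
            check_before(domain, scope, &iss),
            check_after(domain, scope, &iss)
        );
    }
}
```

The check stays an exact string comparison in both versions, so a token whose `iss` names a different origin is still rejected after the change.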

OVERLORD added the pull-request label 2025-10-09 18:11:58 +03:00