Make available toggling webauthn allow_subdomains #113

Closed
opened 2026-04-05 20:30:40 +02:00 by MrUnknownDE · 0 comments

Originally created by @Bert-Proesmans on 2/14/2026

This patch makes it possible for DNS records for subdomains of DOMAIN_URL to point to vaultwarden instances with working webauthn keys.

I verified this code works by running patched vaultwarden instances. This change is foolproof; allow_subdomains might as well have been set to true by default, but I opted for a defensive approach.

Related discussion: https://github.com/dani-garcia/vaultwarden/discussions/6567

Before:

DOMAIN_URL = passwords.my.domain

  1. RESET
  2. Navigate to URL passwords.my.domain and login
  3. Generate webauthn key and save
  4. Attempt login and webauthn validation = OK
  5. Navigate to URL <anything>.passwords.my.domain and login
  6. Attempt webauthn validation => FAILURE

Before:

DOMAIN_URL = passwords.my.domain

  1. RESET
  2. Navigate to URL <anything>.passwords.my.domain and login
  3. Generate webauthn key and save => FAILURE

=> webauthn_rs fails on the browser URL passed into auth_requests when doing stuff from hostname zone.passwords.my.domain

After:

DOMAIN_URL = passwords.my.domain
WEBAUTHN_ALLOW_SUBDOMAINS = true

  • Generating webauthn keys from browser URL <anything>.passwords.my.domain works
  • Validating webauthn keys from browser URL <anything>.passwords.my.domain works
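The check that the toggle relaxes, as an added example that is not part of the original PR and not code from vaultwarden or webauthn_rs: a small Rust model of WebAuthn origin validation in which the origin the browser reports in clientDataJSON (scheme, host, port) must equal the relying party's configured origin, or, with subdomains allowed, may have a host one or more labels below it. The names (`RpConfig`, `check_origin`, `OriginError`) are hypothetical, the sample origins are constructed to mirror the before/after scenarios above, and the example assumes DOMAIN_URL carries an https scheme, which the PR text omits. The caveat behind the "defensive" default: once subdomains are allowed, a credential registered on passwords.my.domain can be exercised from any host under it, so every such host has to be as trusted as the main one, and the subdomain test must stop on a label boundary so that evil-passwords.my.domain is not accepted.

```rust
// Added illustrative example; not code from vaultwarden or webauthn_rs.
// It models the origin check that a WEBAUTHN_ALLOW_SUBDOMAINS-style toggle
// relaxes: the browser-reported origin must match the relying party's
// configured origin (scheme, host, port), or, when subdomains are allowed,
// its host may sit one or more labels below the configured host.

#[derive(Debug, PartialEq)]
pub enum OriginError {
    Malformed,
    SchemeMismatch,
    PortMismatch,
    HostMismatch,
}

/// Parsed form of an origin such as "https://passwords.my.domain:8443".
#[derive(Debug, PartialEq)]
struct Origin {
    scheme: String,
    host: String,
    port: u16, // default port filled in when the origin omits it
}

fn parse_origin(origin: &str) -> Option<Origin> {
    let (scheme, rest) = origin.split_once("://")?;
    let scheme = scheme.to_ascii_lowercase();
    // Origins carry no path, but tolerate a trailing "/" in a DOMAIN_URL value.
    let hostport = rest.split('/').next()?;
    let (host, port) = if let Some(end) = hostport.find(']') {
        // Bracketed IPv6 literal: "[::1]" or "[::1]:8080".
        let (h, tail) = hostport.split_at(end + 1);
        let p = match tail.strip_prefix(':') {
            Some(p) => Some(p.parse::<u16>().ok()?),
            None if tail.is_empty() => None,
            None => return None,
        };
        (h, p)
    } else {
        match hostport.rsplit_once(':') {
            Some((h, p)) => (h, Some(p.parse::<u16>().ok()?)),
            None => (hostport, None),
        }
    };
    let host = host.trim_end_matches('.').to_ascii_lowercase();
    if host.is_empty() || host.starts_with('.') {
        return None;
    }
    let default_port = match scheme.as_str() {
        "https" => 443,
        "http" => 80,
        _ => return None, // WebAuthn is only defined for web origins
    };
    Some(Origin { scheme, host, port: port.unwrap_or(default_port) })
}

/// True when `host` is strictly below `parent` on a label boundary, so that
/// "evil-passwords.my.domain" is not a subdomain of "passwords.my.domain".
fn is_subdomain_of(host: &str, parent: &str) -> bool {
    host.len() > parent.len()
        && host.ends_with(parent)
        && host.as_bytes()[host.len() - parent.len() - 1] == b'.'
}

/// Relying-party configuration: the configured origin plus the toggle.
pub struct RpConfig {
    origin: Origin,
    allow_subdomains: bool,
}

impl RpConfig {
    /// `domain_url` is assumed to include its scheme, e.g. "https://passwords.my.domain".
    pub fn from_domain_url(domain_url: &str, allow_subdomains: bool) -> Option<Self> {
        Some(RpConfig { origin: parse_origin(domain_url)?, allow_subdomains })
    }

    /// Check the origin the browser reported for a registration or assertion
    /// ceremony against the configured relying-party origin.
    pub fn check_origin(&self, reported: &str) -> Result<(), OriginError> {
        let o = parse_origin(reported).ok_or(OriginError::Malformed)?;
        if o.scheme != self.origin.scheme {
            return Err(OriginError::SchemeMismatch);
        }
        if o.port != self.origin.port {
            return Err(OriginError::PortMismatch);
        }
        let host_ok = o.host == self.origin.host
            || (self.allow_subdomains && is_subdomain_of(&o.host, &self.origin.host));
        if host_ok { Ok(()) } else { Err(OriginError::HostMismatch) }
    }
}

fn main() {
    // Constructed sample origins mirroring the before/after scenarios in the PR.
    let cases = [
        "https://passwords.my.domain",
        "https://zone.passwords.my.domain",
        "https://evil-passwords.my.domain",
    ];
    for allow in [false, true] {
        let rp = RpConfig::from_domain_url("https://passwords.my.domain", allow).unwrap();
        for origin in cases {
            println!("allow_subdomains={allow:<5} origin={origin:<34} -> {:?}", rp.check_origin(origin));
        }
    }
}
```

Running it prints one line per (toggle, origin) pair: with the toggle off only the exact host passes, with it on zone.passwords.my.domain also passes while evil-passwords.my.domain and any change of scheme or port still fail.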
Reference: github/vaultwarden#113