You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bitwarden recently integrated a Phishing Blocker feature into its browser extension, warning users when visiting sites listed in the open-source Phishing.Database.
No Vaultwarden-specific server support is needed beyond exposing the experimental client feature flag phishing-detection. However, since Vaultwarden limits configurable client feature flags to a set hardcoded in config.rs, the feature currently cannot be enabled without a custom build.
This can be verified by adding phishing-detection to the accepted flag list, starting Vaultwarden with EXPERIMENTAL_CLIENT_FEATURE_FLAGS=phishing-detection, setting up the extension against that instance, and then visiting https://phishing.testcategory.com/. With that in place, the extension shows the phishing warning as expected.
Since this is already an upstream experimental client flag, adding it to Vaultwarden’s allowlist seems like a low-risk improvement that would let self-hosted users opt in without requiring any long-term stability guarantees.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Bitwarden recently integrated a Phishing Blocker feature into its browser extension, warning users when visiting sites listed in the open-source Phishing.Database.
No Vaultwarden-specific server support is needed beyond exposing the experimental client feature flag
phishing-detection. However, since Vaultwarden limits configurable client feature flags to a set hardcoded inconfig.rs, the feature currently cannot be enabled without a custom build.This can be verified by adding
phishing-detectionto the accepted flag list, starting Vaultwarden withEXPERIMENTAL_CLIENT_FEATURE_FLAGS=phishing-detection, setting up the extension against that instance, and then visitinghttps://phishing.testcategory.com/. With that in place, the extension shows the phishing warning as expected.Since this is already an upstream experimental client flag, adding it to Vaultwarden’s allowlist seems like a low-risk improvement that would let self-hosted users opt in without requiring any long-term stability guarantees.
Beta Was this translation helpful? Give feedback.
All reactions