dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0

Missing Icons #4629

Closed mckraemer closed 1 week ago

mckraemer commented 3 weeks ago

Deployment environment

Your environment (Generated via diagnostics page)

Config (Generated via diagnostics page)

Show Running Config

**Environment settings which are overridden:**

```json
{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://************",
  "domain_origin": "*****://************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 8,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Forwarded-For",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "warn",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 400000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "********************",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}
```

Steps to reproduce

I added two websites to my vault which don't receive icons; it fails to find them.

- https://deutsche-glasfaser.de/
- https://zalando.de

Expected behaviour

Icons should be downloaded and shown.

BlackDex commented 3 weeks ago

Not all icons can be downloaded. Some sites have protections which can't be bypassed or fooled.

I quickly tested it, but Zalando works for me, as it does via Bitwarden. The other one doesn't, but that is also the case for Bitwarden. That might indicate some site protections to be in place.

Can you enable debug logging `LOG_LEVEL=debug` and try to download that icon by going to `https://your.domain.tld/icons/deutsche-glasfaser.de/icon.png` and check the logs?

You might need to remove the .miss file from the icons folder first, else it will not attempt to try and download again.

mckraemer commented 3 weeks ago

Just to add the log to zalando:

```
[2024-06-12 11:32:37.302][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(3), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-12 11:32:37.302][reqwest::async_impl::client][DEBUG] redirecting 'https://zalando.de/' to 'https://www.zalando.de/'
[2024-06-12 11:32:37.302][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(3), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-12 11:32:37.378][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(3), flags: (0x4: END_HEADERS) }
[2024-06-12 11:32:37.379][vaultwarden::api::icons][DEBUG] [get_icon_url]: Trying with www. prefix 'www.zalando.de'
[2024-06-12 11:32:37.379][h2::codec::framed_write][DEBUG] send frame=Reset { stream_id: StreamId(3), error_code: CANCEL }
[2024-06-12 11:32:37.381][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(3) }
[2024-06-12 11:32:37.382][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(3) }
[2024-06-12 11:32:37.385][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(3), flags: (0x1: END_STREAM) }
[2024-06-12 11:32:37.389][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(5), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-12 11:32:37.506][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(5), flags: (0x4: END_HEADERS) }
[2024-06-12 11:32:37.507][reqwest::connect][DEBUG] starting new connection: http://www.zalando.de/
[2024-06-12 11:32:37.507][h2::codec::framed_write][DEBUG] send frame=Reset { stream_id: StreamId(5), error_code: CANCEL }
[2024-06-12 11:32:37.508][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(5) }
[2024-06-12 11:32:37.510][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(5) }
[2024-06-12 11:32:37.510][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(5), flags: (0x1: END_STREAM) }
[2024-06-12 11:32:37.552][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(5), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-12 11:32:37.565][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(5), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-12 11:32:37.565][reqwest::async_impl::client][DEBUG] redirecting 'https://zalando.de/favicon.ico' to 'https://www.zalando.de/favicon.ico'
[2024-06-12 11:32:37.565][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(7), flags: (0x5: END_HEADERS | END_STREAM) }
[2024-06-12 11:32:37.618][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(7), flags: (0x4: END_HEADERS) }
[2024-06-12 11:32:37.618][vaultwarden::api::icons][DEBUG] Req. [CAUSE] reqwest::Error { kind: Status( 403, ), url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some( Domain( "www.zalando.de", ), ), port: None, path: "/favicon.ico", query: None, fragment: None, }, }
```

Referring to your pasted url. I need to edit the url right?

mckraemer commented 1 week ago

I attached your required log to https://your.domain.tld/icons/deutsche-glasfaser.de/icon.png. log-icon.txt

BlackDex commented 1 week ago

That domain only has an SVG icon, which we do not support. The main reason for that is that Vaultwarden does not convert the image types from how they are originally provided by the sites themselves. Since SVGs could contain scripts, HTML or any other item, we deem this extension to be unsafe and do not download these. As that is the only supported icon they have, and they do not provide any other valid fallback like `/favicon.ico` or `/apple-touch-icon.png`, for that domain we are not able to provide any other way to let you see those icons using the built-in favicon provider.

You might want to try a different favicon provider, and I quickly checked, but it looks like only Google seems to serve an icon for this.

So, to get this working you want to change/update the following setting: https://github.com/dani-garcia/vaultwarden/blob/8f05a90b96adfe06722d01510923759fe61a8bd6/.env.template#L290-L301

And set it to `ICON_SERVICE=google`. Or, I also quickly checked via another service, faviconkit.com; you can set it to: `ICON_SERVICE="https://api.faviconkit.com/{}/32"`

I hope this will help you.
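
The reasoning in the last comment, that SVG is refused because it can carry scripts or HTML and the server does not convert what it downloads, amounts to an allowlist of raster formats. As an added example (not Vaultwarden's own code and not part of the thread), this Rust sketch decides by the leading magic bytes of the downloaded body instead of the file extension or `Content-Type`; the names `sniff_raster` and `accept_icon`, the format list and the size limit are assumptions.

```rust
/// Raster formats this sketch allows, identified by their leading magic bytes.
#[derive(Debug, PartialEq)]
pub enum IconType { Png, Ico, Jpeg, Gif, Webp }

/// Returns the raster type of `body`, or None for everything else
/// (SVG, HTML error pages, plain text).
pub fn sniff_raster(body: &[u8]) -> Option<IconType> {
    match body {
        [0x89, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A, ..] => Some(IconType::Png),
        [0x00, 0x00, 0x01, 0x00, ..] => Some(IconType::Ico),
        [0xFF, 0xD8, 0xFF, ..] => Some(IconType::Jpeg),
        [b'G', b'I', b'F', b'8', ..] => Some(IconType::Gif),
        [b'R', b'I', b'F', b'F', _, _, _, _, b'W', b'E', b'B', b'P', ..] => Some(IconType::Webp),
        _ => None,
    }
}

/// Decide whether a downloaded body may be cached and served as an icon.
/// The remote Content-Type is deliberately not consulted: the site controls it,
/// and the bytes are served back unchanged to the password manager's clients.
pub fn accept_icon(body: &[u8], max_len: usize) -> Result<IconType, &'static str> {
    if body.is_empty() {
        return Err("empty body");
    }
    if body.len() > max_len {
        return Err("body too large");
    }
    sniff_raster(body).ok_or("not an allowed raster image")
}

fn main() {
    const MAX_LEN: usize = 512 * 1024; // assumed size limit for this sketch
    // Constructed sample bodies, not captured from any real site.
    let png: &[u8] = b"\x89PNG\r\n\x1a\n\0\0\0\rIHDR";
    let svg: &[u8] = br#"<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>"#;
    let html: &[u8] = b"<!DOCTYPE html><html><body>403</body></html>";
    for &(name, body) in [("png", png), ("svg", svg), ("html", html)].iter() {
        println!("{}: {:?}", name, accept_icon(body, MAX_LEN));
    }
}
```

A site that offers only an SVG, like the one in this issue, ends up in the `Err` branch, which is where a negative-cache entry such as the `.miss` file mentioned earlier would be written.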