dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0

Add env/config option to allow additional iframe ancestors #843

Closed PrivatePuffin closed 4 years ago

PrivatePuffin commented 4 years ago

In some cases someone might want to include Bitwarden into another website by iframe. While there are a lot of cases where this idea is insanely stupid, it might be interesting in cases where a secure intranet website is used, such as Nextcloud.

This is not a problem in itself, but currently the code doesn't allow ANY iframe except from itself and the Chrome extension.

https://github.com/dani-garcia/bitwarden_rs/blob/d212dfe735e59128667a4c579e52ce7e86b53a94/src/util.rs#L26

I suggest keeping the current setting, but adding a variable that grabs any additional options from a config option or env. variable.

It should be relatively easy to do but would increase the usability considerably.

dani-garcia commented 4 years ago

Should be fixed now in the latest commit, hope it helps!
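
One way to implement the option requested in this issue, as an added example that is not part of the thread or vaultwarden's own code: the fixed ancestors stay in place, and extra origins read from an environment variable are appended only when they are bare `http(s)://host[:port]` origins, so a wildcard or an injected CSP directive is refused at startup. The variable name `EXTRA_FRAME_ANCESTORS`, the extension-id placeholder and the function names are assumptions.

```rust
// Added example; names are hypothetical, not vaultwarden's.
// The extension id is a placeholder, not a real value.
const BASE_ANCESTORS: &[&str] = &["'self'", "chrome-extension://EXTENSION_ID_PLACEHOLDER"];

/// Accept only scheme://host[:port]: no path, no wildcard, and no character
/// (';', ',', whitespace) that could end the directive or start a new one.
/// IPv6 literals are not handled and are rejected.
fn valid_origin(s: &str) -> bool {
    let rest = match s.strip_prefix("https://").or_else(|| s.strip_prefix("http://")) {
        Some(r) => r,
        None => return false,
    };
    let (host, port) = match rest.rsplit_once(':') {
        Some((h, p)) => (h, Some(p)),
        None => (rest, None),
    };
    let host_ok = !host.is_empty()
        && !host.starts_with('.')
        && !host.ends_with('.')
        && host.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '.');
    let port_ok = port.map_or(true, |p| {
        !p.is_empty() && p.len() <= 5 && p.chars().all(|c| c.is_ascii_digit())
    });
    host_ok && port_ok
}

/// Build the directive from the fixed defaults plus operator-supplied origins
/// (whitespace separated). The first rejected entry is returned as an error.
fn frame_ancestors(extra: &str) -> Result<String, String> {
    let mut parts: Vec<String> = BASE_ANCESTORS.iter().map(|s| s.to_string()).collect();
    for entry in extra.split_whitespace() {
        if !valid_origin(entry) {
            return Err(format!("rejected frame ancestor: {:?}", entry));
        }
        if !parts.iter().any(|p| p == entry) {
            parts.push(entry.to_string()); // skip duplicates
        }
    }
    Ok(format!("frame-ancestors {};", parts.join(" ")))
}

fn main() {
    // Unset variable means "defaults only", matching the current behaviour.
    let extra = std::env::var("EXTRA_FRAME_ANCESTORS").unwrap_or_default();
    match frame_ancestors(&extra) {
        Ok(d) => println!("Content-Security-Policy: {}", d),
        Err(e) => { eprintln!("{}", e); std::process::exit(1); }
    }
}
```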