* prevent redundant cache updates on account switch
Remove automatic cache update triggering that caused UI freezes when
switching to accounts with phishing detection access.
Root cause: The update$ observable used startWith(undefined) which
triggered an immediate cache refresh whenever a new subscription was
created. On account switch, phishingDetectionSettingsService.on$ emits
true, creating a new subscription and triggering a full ~800K entry
fetch that blocks the UI thread.
Fix:
- Remove startWith(undefined) to prevent auto-triggering on subscription
- Add MIN_UPDATE_INTERVAL (5 min) constant for cache freshness checks
- Add _updateInProgress flag to prevent concurrent updates
- Add filter() to skip updates when one is already in progress
- Add cache freshness check (skip if updated within 5 minutes)
- Add finalize() to reliably reset _updateInProgress flag (per ADR)
- Replace share() with shareReplay() to prevent duplicate work
- Add triggerUpdateIfNeeded() public method for explicit update requests
The scheduled 24-hour update interval is unaffected - it still calls
_triggerUpdate$.next() via the task scheduler.
* trigger cache updates asynchronously on account switch
Update PhishingDetectionService to explicitly trigger cache updates
when phishing detection becomes active for an account, using a
non-blocking pattern.
Changes:
- Add call to phishingDataService.triggerUpdateIfNeeded() when on$ emits true
- Use of(null).pipe(delay(0)) to defer update to next event loop tick
- This prevents the update from blocking the account switch UI flow
The delay(0) pattern is preferred over setTimeout per codebase conventions
(RxJS over native JS). The subscription auto-completes since of() emits
once and completes, so no manual cleanup is needed.
Combined with the previous commit's safeguards (cache freshness check,
concurrent update prevention), this ensures:
1. Account switch completes immediately (non-blocking trigger)
2. Cache updates only run when actually needed (< 5 min freshness)
3. Concurrent updates are prevented (_updateInProgress flag)
Fixes: PM-30319
* decouple cache update subscription from UI event merge
Move phishingDataService.update$ to a separate subscription outside the
merge() stream to prevent blocking the service worker during critical
initialization and account switch flows.
Background:
The service worker is single-threaded. When the phishing cache update
runs, it downloads a 25MB file and parses 800K entries using .split(),
which is CPU-intensive synchronous work. During this parsing, the
service worker cannot respond to popup requests, causing the extension
UI to appear frozen when the user clicks the extension icon.
Previously, update$ was included in the merge() alongside UI event
handlers (onTabUpdated$, onContinueCommand$, onCancelCommand$). When
on$ emitted true (user has phishing access), the merge subscription
was created as part of the same synchronous flow, coupling the heavy
cache work with the UI event setup.
Changes:
- Create separate updateSub subscription at initialization
- Remove update$ from merge() - now only contains UI event streams
- Keep delay(0) trigger for triggerUpdateIfNeeded()
How delay(0) works:
JavaScript's event loop must complete all synchronous code before
processing async callbacks. delay(0) schedules the trigger for the
next event loop tick, meaning:
1. initialize() completes and returns
2. Service worker is 'free' to handle other tasks
3. Next tick: triggerUpdateIfNeeded() fires
4. Cache update runs in background
The cache parsing will still block the thread when it eventually runs,
but this is now decoupled from the critical initialization path. The
window where blocking can affect user interaction is minimized.
PM-30319
* comment
* account for new changes in spec file
* prevent UI blocking during cache updates
Problem:
- Switching accounts caused 5+ second UI freeze
- Even when data unchanged, 789K entries were rewritten to IndexedDB
- Set was rebuilt from 789K entries on every state emission
Solution:
- Skip state update when checksum matches (return null instead of full data)
- Cache Set in memory, only rebuild when checksum changes
- Track last check time in memory instead of state
- Use streaming fetch to prevent Firefox memory explosion
- Add comprehensive logging for debugging
Performance improvement:
- Checksum match: ~5 seconds → ~10ms (no blocking)
- Full update: Still required when data changes, but with streaming
* pre-populate cache on install/update and optimize Set building
Problem:
Premium users experienced a 5+ second UI freeze on first login after
install because the phishing list (~63MB, 789K entries) was downloaded
synchronously when phishing detection was enabled.
Solution:
1. Pre-populate cache on extension install/update
- Added triggerPhishingCacheUpdate() to MainBackground
- RuntimeBackground calls this on "install" and "update" events
- Cache is ready before user logs in, eliminating first-login lag
2. Chunked Set building for UI responsiveness
- Build Set in 50K-entry chunks with event loop yields
- Changed from synchronous map() to async switchMap() + buildSetInChunks()
- Prevents UI blocking when Set is rebuilt from cached data
3. Streaming with yields
- Added yield after each network chunk during streaming fetch
- Keeps service worker responsive to popup messages during download
4. Log cleanup for production
- Converted verbose debugging logs from info → debug level
- Kept important operational events (daily/full updates) at info
- Removed timing logs and progress banners
- Fixed comment accuracy: 100MB → 63MB uncompressed
Performance impact:
- First login after install: 5+ seconds → near-instant (cache pre-populated)
- Set rebuild: non-blocking via chunked processing
- Subsequent updates: already optimized via checksum matching
* spec
* add allowlist for bare amazon.com domain
Problem:
The upstream Phishing.Database contains a false positive entry
`https://www.Amazon.com` (line 666495), causing the real Amazon
website to be incorrectly blocked.
Solution:
Add BARE_DOMAIN_ALLOWLIST that skips blocking for exact hostname
matches (amazon.com, www.amazon.com) when the URL has no path,
query, or hash. This protects users from false positives while
still detecting phishing URLs that use Amazon in paths or
subdomain tricks.
Allowed:
- https://amazon.com
- https://www.amazon.com
Still blocked:
- https://amazon.com/phishing/path
- https://amazon.com-malicious.xyz
- https://fake.com/amazon.com/steal
* logging
* update our links source url
* Fix Chrome memory leak in phishing detection service
* reduce memory leaks
* optimize phishing detection performance and fix memory leaks
This commit addresses critical performance issues and memory leaks in the
phishing detection feature, particularly for non-premium users and during
extension reloads.
Storage Isolation:
- Created BrowserIndexedDbStorageService for large data storage
- Separated PHISHING_DATA_DISK (60MB+ phishing URLs) from PHISHING_DETECTION_DISK
- Prevents popup from loading large dataset when accessing small settings
- Fixed UI freeze when navigating to Settings -> Account security -> back arrow
Lazy Loading Optimizations:
- Converted _cachedState, _webAddresses$, and update$ to lazy getters
- Only accesses IndexedDB when phishing detection is actually used
- Prevents blocking service worker initialization on extension reload
- Added guard in triggerUpdateIfNeeded() to skip if no observers
Performance Improvements:
- Modified buildEnabledPipeline$() to check available$ first
- Uses startWith(true) to emit immediately, preventing on$ from blocking
- Skips IndexedDB reads for non-premium users during unlock/account switch
- Prevents 3+ second UI freezes for non-premium users
Memory Leak Fixes:
- Added static interval cleanup to prevent accumulation on service recreation
- Fixed tab listener cleanup by storing bound handler reference
- Fixed triggerUpdateSub subscription cleanup on account switches
- Prevents exponential memory growth from undestroyed subscriptions
Test Fixes:
- Updated tests to set up available$ prerequisites before testing enabled$
- Fixed tests to wait for actual state values after startWith(true) emission
- Uses filter() to wait for expected state values in async tests
Files Changed:
- apps/browser/src/platform/services/browser-indexed-db-storage.service.ts (new)
- apps/browser/src/platform/storage/browser-storage-service.provider.ts
- apps/browser/src/dirt/phishing-detection/services/phishing-data.service.ts
- apps/browser/src/dirt/phishing-detection/services/phishing-detection.service.ts
- apps/browser/src/background/runtime.background.ts
- libs/common/src/dirt/services/phishing-detection/phishing-detection-settings.service.ts
- libs/common/src/dirt/services/phishing-detection/phishing-detection-settings.service.spec.ts
- libs/state/src/core/state-definitions.ts
- libs/storage-core/src/client-locations.ts
* fix test type errors
* remove allowlist
* storage isolation revert
The initial implementation of storage isolation was used to fix a specific navigation scenario that lead to freezing of the ui ("Settings → Account Security" and clicking the back button)
Why disk-large instead of memory-large-object:
- **Problem**: Users experienced infinite loading (2+ minute freezes) when navigating to "Settings → Account Security" and clicking the back button. The Popup would freeze because `chrome.storage.local` broadcasts 60MB writes to all contexts, causing the Popup to deserialize data it never requested.
- **Fix**: Created `disk-large` storage location using native IndexedDB, which persists data (unlike `memory-large-object`) and doesn't broadcast events (unlike `chrome.storage.local`), isolating large datasets from the Popup context.
**Key Difference:**
- `memory-large-object`: **Non-persistent** in-memory storage. Data is lost when the service worker restarts or the extension reloads.
- `disk-large`: **Persistent** storage using native IndexedDB. Data survives service worker restarts and extension reloads.
**Why We Need Persistence:**
The phishing dataset (~60MB, 780K entries) must persist across:
- Service worker restarts (Chrome terminates service workers after inactivity)
- Extension reloads/updates
- Browser restarts
If we used `memory-large-object`, the extension would need to re-download the entire 60MB dataset every time the service worker restarts, which happens frequently in Chrome. This would:
1. Waste bandwidth (60MB downloads on every restart)
2. Cause UI freezes on every restart (same problem we're trying to fix)
3. Fail offline scenarios
**Why Not Use Existing `disk` Location:**
The existing `"disk"` location uses `chrome.storage.local`, which has a critical flaw for large datasets:
- **Event Broadcasting**: Any write to `chrome.storage.local` triggers `onChanged` events broadcast to **all** extension contexts (Background, Popup, Sidebar)
- **The UI/UX Problem**:
- Users experienced **infinite loading** or **2+ minute freezes** when navigating to "Settings → Account Security" and clicking the back button
- When Background writes 60MB, Chrome serializes and IPCs it to Popup, causing Popup's main thread to freeze while deserializing this massive object, even if Popup never requested the data
- The Popup would become completely unresponsive, showing a spinning cursor or blank screen
- **The Fix**: Native IndexedDB doesn't broadcast events across processes, isolating the storage so Background can write 60MB without disturbing the Popup
* remove implementation comments from jsdoc
* renaming
* new domains source
* remove unnecessary complexity from buildEnabledPipeline and remove all IndexedDB references
* fix pre-population on install/update
* handle null webAddresses
---------
Co-authored-by: maxkpower <mpower@bitwarden.com>
(cherry picked from commit fcc2844a16)
* add new color palette to theme and tailwind config
* updated docs color names
* remove safelist changes
* add missing accent colors to docs
* updated color mappings
* combined docs in colors.mdx and reference in Claude.md
* add variables for white and black
* updated docs
* updated list rendering style
* more specific docs instructions
* revert to simpler colors docs reference
* remove changes to claude.md
* use rgb color variables to compose semantic
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* Updated to use Date
* Updated to use Date on sync.
* Changes to tests that can't use mock function
* Prettier updates
* Update equality to handle Date type.
* Change to type comparison.
* Simplified equality comparison to just use properties.
* Added comment.
* Updated comment to reference Date.
* Added back in internal method tests.
* fix(set-initial-password-service) [PM-28494]: Update MP data and decryption property sets to accommodate legacy and new paths for service.
* fix(set-initial-password-component) [PM-28494]: Add salt and mp data to credentials object.
* refactor(set-initial-password-service) [PM-28494]: Additional comments.
* test(set-initial-password-service) [PM-28494]: Update tests for added credential members.
* PM-3287 - Remove resetMasterPassword from authResult and identityTokenResponse and replace with userDecryptionOptions where relevant
* PM-3287 - (1) Move SSO code to SSO section (2) Update error scenario conditional + log user out upon error.
* PM-3287 - Fix comment per PR feedback
* PM-3287 - CLI Login with SSO - move MP validation logic back to original location to avoid putting it before 2FA rejection handling.
* PM-3287 - Update returns
* Fix master key not being set to state after kdf update
* Fix cli build
* Fix test error
* Fix hash purpose
* Add test for master key being set
* Fix incorrect variable name
* [PM-27675] Integrate dialogs into VaultItemTransferService
* [PM-27675] Update tests for new dialogs
* [PM-27675] Center dialogs and prevent closing with escape or pointer events
* [PM-27675] Add transferInProgress$ observable to VaultItemsTransferService
* [PM-27675] Hook vault item transfer service into browser vault component
* [PM-27675] Move defaultUserCollection$ to collection service
* [PM-27675] Cleanup dialog styles
* [PM-27675] Introduce readySubject to popup vault component to keep prevent flashing content while item transfer is in progress
* [PM-27675] Fix vault-v2 tests
* [PM-28181] Open send dialog in drawer instead of popup in refreshed UI
* Fix types
* [PM-28181] Use drawer to edit sends with refreshed UI
* [PM-28181] Address bug where multiple Sends could not be navigated between
* added phishing blocker toggle
* design improvements
* Fix TypeScript strict mode errors in PhishingDetectionSettingsServiceAbstraction
* Camel case messages
* Update PhishingDetectionService.initialize parameter ordering
* Add comments to PhishingDetectionSettingsServiceAbstraction
* Change state from global to user settings
* Remove clear on logout phishing-detection-settings
* PM-28536 making a change from getActive to getUser because of method being deprecated
* Moved phishing detection services to own file
* Added new phishing detection availability service to expose complex enable logic
* Add test cases for PhishingDetectionAvailabilityService
* Remove phishing detection availability in favor of one settings service
* Extract phishing detection settings service abstraction to own file
* Update phishing detection-settings service to include availability logic. Updated dependencies
* Add test cases for phishing detection element. Added missing dependencies in testbed setup
* Update services in extension
* Switch checkbox to bit-switch component
* Remove comment
* Remove comment
* Fix prettier vs lint spacing
* Replace deprecated active user state. Updated test cases
* Fix account-security test failing
* Update comments
* Renamed variable
* Removed obsolete message
* Remove unused variable
* Removed unused import
---------
Co-authored-by: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Co-authored-by: Graham Walker <gwalker@bitwarden.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
* auto key not stored due to vault timeout race condition being null for cli
* fix unit test default state
* neglected electron key service test cleanup
* bad merge - fix formatting
* [PM-23258] changing verbiage from import data to import items
* [PM-23258] Removing vault and data from import and export titles, navs, and buttons
* [PM-23258] more verbiage changes
* [PM-23258] reverting unnecessary change
* [PM-23258] removing unused text from messages json files
* [PM-23258] small text changes from design
* [PM-23258] including secrets manager changes
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* feat(token-service) [PM-15333]: Update Portable secure storage resolution to use disk.
* feat(token-service) [PM-15333]: Move isWindowsPortable evaluation to preload with other platform evaluations.
* add a slot for consumers to show user actions in anon layout header
* remove commented code
* ensure logo stays top aligned
* switch to dashed naming
* fix ngif statements
* remove empty selector
* remove unnecessary containers
* use smaller logo on smaller screens
* remove commented code from extension layout
* remove dupe slot
* only take extension screenshots on small screens
* take screenshot at 380
* take large and small screenshot
* update story to use new control flow
* Replace usages of app-callout with bit-callout
* Delete callout.component
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
