336e666357
* Add regex example to "Match detection for URIs" that is not broken I find it important that examples actually follow best practices. The current regex one is not. `^https://.*google\.com$` is an improper regex (as already pointed out because it also matches `malicious-site.com`) that is only there to show the weaknesses of regular expressions for this use case. I find such an example very good for this purpose but there should also be a "good example" that complements it. I found such a "good example" that I hope is more useful and has no unwanted loopholes. * Change wording from bad/good to unsafe/safe in regex match detection * Update uri-match-detection.md Co-authored-by: fred_the_tech_writer <69817454+fschillingeriv@users.noreply.github.com>
5.3 KiB
layout, title, categories, featured, popular, tags, order
| layout | title | categories | featured | popular | tags | order | ||||
|---|---|---|---|---|---|---|---|---|---|---|
| article | URIs for Vault Items |
|
false | false |
|
09 |
Any Login item in your Vault can be created with or edited to include one or more URI (Uniform Resource Identifier). A URI can be a website address (i.e. a URL), a Server IP Address, a Mobile App Package ID, and more.
{% image uri.png Login item URI fields in the Web Vault %}
{% callout success %} Assigning URIs to Login items is required if you want to leverage auto-fill functionality in the various Bitwarden client applications. {% endcallout %}
URI Schemes
Well-formed URIs should include a scheme at the beginning, for example the https:// scheme to securely reference a website address. If no scheme is specified, http:// is assumed.
{% callout success %} Most Bitwarden client applications allow you to {% icon fa-share-square %} Launch an website or app directly from your Vault. Without a scheme, this functionality will not work properly. {% endcallout %}
Schemes include:
http://orhttps://reference website addresses (e.g.https://github.com)androidapp://references an Android Application Package ID or Name (e.g.androidapp://com.twitter.android)
Match Detection Options
Each URI assigned to a Login item has an associated Match Detection option. This option determines when and whether Bitwarden will offer the Login as an available option for auto-fill.
Default match detection
Bitwarden Browser Extensions and Mobile Apps can select a Default match detection option from the options below (Base domain, Host, Starts with, Regular expression, Exact, or Never) by navigating to {% icon fa-cogs %}Settings → Options → Default URI Match Detection. Setting a default option will not preclude you from specifying a match detection option on an item-by-item basis as well.
By default, Bitwarden will use Base domain matching as the default option.
Base domain
Selecting Base domain will prompt Bitwarden to offer auto-fill when the top-level domain and second-level domain of a Login's URI value match the detected resource.
For example, if the URI value https://google.com uses base domain match detection:
- Auto-fill offered for
http://google.com&https://accounts.google.com - Auto-fill not offered for
https://google.net&http://yahoo.com
Host
Selecting Host will prompt Bitwarden to offer auto-fill when the hostname and (if specified) port of the Login's URI value matches the detected resource.
For example, if the URI value https://sub.domain.com:4000 uses host match detection:
- Auto-fill offered for
http://sub.domain.com:4000&https://sub.domain.com:4000/page.html - Auto-fill not offered for
https://domain.com,https://sub.domain.com,https://sub2.sub.domain.com:4000, orhttps://sub.domain.com:5000
Starts with
Selecting Starts with will prompt Bitwarden to offer auto-fill when the detected resource starts with the Login URI value, regardless of what follows it.
For example, if the URI value https://sub.domain.com/path/ uses starts with match detection:
- Auto-fill offered for
https://sub.domain.com/path/&https://sub.domain.com/path/page.html - Auto-fill not offered for
https://sub.domain.com,https://sub.domain.com:4000/path/page.html(interrupted with a port), orhttps://sub.domain.com/path(absent trailing slash)
Regular expression
{% callout note %} Regular expressions are an advanced option and can be quite dangerous if used incorrectly. You should not use this option if you do not know exactly what you're doing. {% endcallout %}
Selecting Regular expression will prompt Bitwarden to offer auto-fill when the detected resources matches a specified regular expression{:target="_blank"}. Regular expressions are always case insensitive.
Unsafe example
If the URI value ^https://.*google\.com$ uses regular expression match detection:
- Auto-fill offered for
https://google.com,https://sub.google.com,https://malicious-site.com?q=google.com - Auto-fill not offered for
http://google.comorhttps://yahoo.com
This probably matches more than what is intended. Consider avoiding periods (.), which unless escaped (\) match on any character.
Safe example
If the URI value ^https://[a-z]+\.wikipedia\.org/w/index\.php uses regular expression match detection:
- Auto-fill offered for
https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Bitwarden,https://pl.wikipedia.org/w/index.php?title=Specjalna:Zaloguj&returnto=Bitwarden,https://en.wikipedia.org/w/index.php - Auto-fill not offered for
https://en.wikipedia.org/wiki/Bitwarden,https://malicious-site.com
Exact
Selecting Exact will prompt Bitwarden to offer auto-fill when the Login URI value matches the detected resource exactly.
For example, if the URI value https://www.google.com/page.html uses exact match detection:
- Auto-fill offered for
https://www.google.com/page.html - Auto-fill not offered for
http://www.google.com/page.html,https://www.google.com/page.html?query=123, orhttps://www.google.com
Never
Selecting Never will prompt Bitwarden to never offer auto-fill for the Login item.