Add the ability to disable unsecured HTTP page warning

I have multiple per-project stage environments on different URLs saved to a single password entry because they have a shared database (but application code is different).

Splitting the entries because Bitwarden decided to obsessively babysit me out of the sudden with no opt-out seems counter-productive.

I’m not sure how hard is to rebuild the extension but I’ll look into maintaining a local fork if adding a global knob to disable this is not possible for whatever reason.

e: I’ve just noticed that this thread is 2 month old with no upstream activity. I guess a fork it is, then…

1 Like

Still waiting… As a web developer, this is very annoying.


Hello, same for me please add an option :frowning:

1 Like

Hi, this definitely needs to be an option. I know what I am doing when entering password to clear http sites.

Please make a solution for this. It’s annoying to have to press enter every single time I log in to my self-hosted services

Please find a solution quickly. As developer this is beyond of annoying. Companies managers who decide to choose Bitwraden is of curse absolutely unaware that is a huge problem for us.


I allowed the Firefox extension to update today, having frozen it last December as a result of the “massive amounts of whitespace” issue. That was a mistake. :frowning:

I’m reverting to the old version again until this is fixed.

It can’t be that uncommon for people to have a single entry for a server (or even a group of servers) that can legitimately and securely be accessed over different routes, some https and others http. As others have said above, it’s fair enough to have this kind of warning on by default to protect naive users, but it must be able to be disabled, either globally or per-entry. Splitting or duplicating the entries is not a valid solution, because it defeats the object of having the password stored in one place.


With all due respect, would you mind asking the team why it’s taking over half a year to implement a checkbox in the extension’s settings to disable this warning?


Definitely necessary, or at least having the ability to whitelist certain domains/IP addresses.

1 Like

If you look closely, the warning message states that the login was originally saved on a HTTPS page. So all you have to do to make the warning go away is to delete and make a new password entry for each site that you are trying to access in HTTP mode. If you try to access the same URL but in HTTPS mode it will also auto fill with no prompt too.


Any information you can share regarding the progress? Is this even being worked on? It has been over half a year since the first information was ‘passed along’.

@bw-admin Any update? This is annoying me also, and it’s been a problem for a very long time while this request has been open. I’d have to consider moving to a different password manager because it completely interrupts my workflow.

@bw-admin I’m in complete agreement with the others. This is highly annoying - try to manage networking equipment on the local network with this constant pop-up. Want to access the Network Router? Pop-up! Managed Switch? Pop-Up! DNS Server Logs? Pop Up!

==> I may have found a solution to these warning pop-ups:

Say device admin page is and you have created a login in Bitwarden.

Login → ‘EDIT’ Website/URI = enter **http://**

Select ‘Base Domain’


If you had https:// at beginning of URI and then you want to access the http:// it will throw that pop-up warning, EVERY time. Now it does not.

Hope that helps. Seems to work for me so far.

Honestly a simple checkbox behind the Website/URI that says ‘allow HTTP access’ would be great, as most browsers default to https://. Then one can just pop in the domain and be done.


When is this bug/feature going to be fixed?

@gitglub s solution didnt work for me.