Allow Custom Header for the Bitwarden App Android/iOS

Spaex · April 3, 2024, 2:13pm

It would make hosting with Cloudflare Access or similiar Authentication way easier if we could set custom headers for the Android/iOS App.
So for example:
CF-Access-Client-Id: …
CF-Access-Client-Secret: …

With that we can make the Android App bypass Cloudflare Access and we can access it from anywhere. Small Change but opens so much possiblities.

Reason: I host bitwarden on a Raspberry Pi in my Home Network. Using cloudflared as reverse proxy to make it available from anywhere but in browser only after a Cloudflare Access Page requesting Google Account login. Works fine as long as I stay in the browser/Web-Vault but when I try to use the Android App I can’t get through. With the Header I can solve this with service tokens:)

vibrant · January 7, 2025, 12:52am

This would be a game changer for enhancing security on a self-hosted installation while using Cloudflare Tunnel.

Spaex · February 7, 2025, 2:56pm

Seems like other person already implemented that into a Fork of their app: GitHub - anthony-tarantini/bw-android: Bitwarden mobile app for Android.

So can’t we just merge it into the Android app?

Freaksta · May 21, 2025, 1:59pm

Any traction on this front? It really would be great for the self hosted community!

lazydog · January 24, 2026, 5:35pm

This would greatly increase security, and seems something that would be easily implemented. I’ve come so many times to this post to see if there were any news, sadly still none