Hello everyone,
Since the passkey feature has been released I notice strange behaviour on my own website. Some urls (not all, and the urls which are not always) are extended with the following value: chrome-extension://nngceckbapebfimnlniiiahkandclblb/content/fido2/page-script.js
So for example mywebsite.com/test/test2 suddenly becomes
This breaks my website. Is this expected behaviour? Have others seen this as well? Should I report this as a bug?
@sanderisbestok Welcome to the forum!
The known behavior (in versions 2023.10.0-2023.10.2) is that Bitwarden injects the following code snippet into the <head></head> section of each web page that is loaded by the browser:
<scrіpt>src="chrome-extension://nngceckbapebfimnlniiiahkandclblb/content/fido2/page-script.js"<scrіpt>
I have not seen any reports of URLs being affected in the way that you describe, though.
Can you explain the behavior in more detail? For example, does your website HTML contain anchors of the form
<a href="mywebsite.com/test/test2">Test Link</a>
and you see the following modified URL when inspecting the page after it has been loaded?
<a href="mywebsite.com/test.chrome-extension://nngceckbapebfimnlniiiahkandclblb/content/fido2/page-script.js/test2">Test Link</a>
In any case, the script injection that occurs in the page header can be suppressed if you add the fully qualified domain name of your website to the “Excluded Domains” list in the browser extension settings.
Is it possible to disable this behavior completely?
From the path it seems that this is only needed for fido2 functionality.
Since I only use the base username/password functionality, I don’t need it.
It’s making it hard to estimate the network traffic that my site causes in either development or production, therefore I would like to remove it from the tab.
Otherwise, it would be nice if this script was cached and wouldn’t appear as transferred.
