Do not block "Autofill and add this website" feature for power users (who prefer "Exact" URI matching)

For some odd reason, someone at Bitwarden has made the irrational decision to permanently disable the “Autofill and add this website” feature for some users.

If you prefer to use the URI match detection setting “Exact” (which is the most secure), then you can no longer avail yourself of the “Autofill and add this website” function. Due to a set of poorly thought-out PRs (e.g., #17142 and #18216), attempting to do so now results in an error message (a misleadingly worded one, to boot).

Ironically, the “Autofill and add this website” feature is particularly essential for those of us who use “Exact” matching, because this function is the most efficient and least error prone method to actually get the exact URI string stored in your login item (which is what is required for “Exact” matching to work). You would typically create your login item while on an account registration page, and the URI in the login item would be auto-populated from this page; typically, the login form for that account would have a different URI, so the vault login item does not become usable for autofilling until you add the exact URI of the relevant login form.

Prior to version 2025.12.0, all one had to do is to navigate to the login form, search for the recently added vault item, and then use “Autofill and add this website” to capture the correct URI. This workflow is now broken, and needs to be restored.

  I challenge the folks at @Livefront and any other responsible Bitwarden staff (@dwbit — please ping them) to describe even one plausible scenario that would lead to “Autofill and add this website” causing a security vulnerability for users who have set “Exact” URI matching (whether manually, or as the default setting), but not cause the same security vulnerability for users who have set their URI matching to something other than “Exact”.

The inconsistency is capricious, and discriminates against power-users. How did this idea even come about, and how was it approved?

P.S. As much as I dislike AI tools, I have to point out that even Claude could recognize this as a “Critical Issue” and a “Logic Error” in their code review of the original PR.

Hi @grb the team is exploring ways that we can bring this functionality back.

@dwbit Thanks for the update. I do have concerns (based on what I’ve described above, as well as the discussions on Github here) that the persons responsible for this change have a fundamental misunderstanding of the whole raison d’être of Bitwarden’s forced autofill functionality — which is precisely for the purpose of overriding URI match detection settings. Thus, it is completely illogical to now prevent users from overriding URI match detection settings (but only for some settings).

I just cannot fathom that this change made it into production, nor conceive of any plausible impetus for devoting development resources to deliberately creating inconsistent behavior in the UI.

Why is exploration necessary — why can the PRs not simply be rolled back? Can anybody on the team articulate a valid rationale for this baffling new behavior?