Excluded Sub Domains

Feature name

  • ability to exclude all sub domains in the Excluded Domains settings

Feature function

  • In Excluded Domains you can currently add a domain but it only excludes an exact match to that domain
  • I use a lot of subdomains and want to be able to easily exclude all of them from the “Do you want to save this password?” prompt
  • Is it possible to add a wildcard (*.example.com or .example.com) so that all sub domains are excluded automatically

I believe that’s exactly how it currently works - extract from the help article:

Domain Exclusion does not register “full” URLs, only the domain component. In the above example, https://github.com/bitwarden/browser would resolve to github.com when saved, meaning that the Browser Extension would explicitly not offer to save credentials for Github.

https://bitwarden.com/help/article/exclude-domains/

From my experience it does work this way to remove the https:// and folders, but adding example.com to the exclusion list doesn’t exclude sub-domain.example.com.

1 Like

I have exactly this same request. I want to write e.g. .example.com or *.example.com and have the prompt excluded from a.example.com and b.example.com and so on, even say c.d.example.com.

1 Like

You might be able to do this with the “RegEx” match detection setting. I haven’t tried it, but some RegEx syntaxes have negation/not.

In practice, when I want a subdomain excluded, I instead just list all the subdomains that I want included (and select the “Host” match detection setting).

+1 to this feature, it doesn’t seem actually possible (I’m using the FF plugin)

@B0UNC3R where is that regex setting? I can’t find it … trying with a regex in excluded domains doesn’t work (e.g. /.*example.com/ => says it’s not a valid domain).

Note, listing exhaustively all full domains cannot work for me because I have some generated parts within.

OK I believe the regex matching setting is used only during the credentials lookup, but it doesn’t impact while looking for excluded domains.
So, still +1 for the feature request

3 Likes

FYI Subdomains exclusion by jotak · Pull Request #2289 · bitwarden/browser · GitHub

3 Likes

Thanks for your effort on this @jotak.
I am not sure why nobody is not denying neither approving this small piece of code.

I have two questions on my mind as well:

  1. I am also curious where Bitwarden does the URL domain input validation as somebody can create malicious alike URL-s or records to make Bitwarden act unproperly ?
  2. Is this modification manageble via managed_preferences.json as well? I am interested on this feature because t is unacceptable companies to let employees store internal network credentials to secret wallet.