Okay, so two questions here.
I entered “amazon.com” as a login URI and Base Domain match detection which is defined as “the second-level domain plus the top-level domain of the given URI”. But when I go to login screen for “amazon.co.uk”, which has different TLD and different 2LD, the same login is offered. Why?
Since some countries such as UK and Japan have a commercial 2LD (.co.uk and .co.jp), wouldn’t all sites which end with those be recognized with the Base Domain setting?
Japan here:
.com and .co.jp have separate accounts I can’t use one on the other.
also, security-wise, I could register bankofamerica.co.xx and if what you expect was true, I could force your Bitwarden to fill in the password and my site would listen for the autofill and steal.
so this is bad for security.
I know Japanese Amazon uses a separate account. I’m not asking anything about Amazon, I used the site as an example for two different TLDs.
My question is how can Bitwarden recognize “amazon.co.uk” as an autofill if I entered “amazon.com” in the URI.
About your second reply, I don’t get what you’re trying to say. What do you mean by “bankofamerica.co.xx”?
What I asked is shouldn’t TLD (.uk) and 2LD (.co) include all sites which end with .co.uk?
This happens because amazon.co.uk and amazon.com are treated as “equivalent domains”. You can adjust these settings in the vault under the Settings > Domain Rule section in the web vault.
That makes sense, thanks!
About the second question, wouldn’t TLD and 2LD include all UK sites?