I entered “amazon.com” as a login URI with Base Domain match detection, which is defined as “the second-level domain plus the top-level domain of the given URI”. But when I go to the login screen for “amazon.co.uk”, which has a different TLD and a different 2LD, the same login is offered. Why?
Since some countries such as the UK and Japan have a commercial 2LD (.co.uk and .co.jp), wouldn’t all sites which end with those be recognized with the Base Domain setting?
Also, security-wise, I could register bankofamerica.co.xx and if what you expect were true, I could force your Bitwarden to fill in the password and my site would listen for the autofill and steal it.
I know Japanese Amazon uses a separate account. I’m not asking anything about Amazon, I used the site as an example for two different TLDs.
My question is how can Bitwarden recognize “amazon.co.uk” as an autofill if I entered “amazon.com” in the URI.
About your second reply, I don’t get what you’re trying to say. What do you mean by “bankofamerica.co.xx”?
What I asked is: shouldn’t the TLD (.uk) and 2LD (.co) include all sites which end with .co.uk?
This happens because amazon.co.uk and amazon.com are treated as “equivalent domains”. You can adjust these settings in the vault under the Settings > Domain Rule section in the web vault.
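
The matching behaviour discussed in this thread, as an added example that is not part of any post above and is not Bitwarden's own code: it assumes the base domain is taken relative to a public-suffix list (so `co.uk` counts as the suffix, not as the domain) and that an equivalent-domain group is consulted afterwards. The suffix set, the group and the function names are constructed for illustration.

```javascript
// Added illustration, not Bitwarden's code. Both tables are small
// constructed samples; a real client would load a full public-suffix list.
const PUBLIC_SUFFIXES = new Set(["com", "uk", "co.uk", "jp", "co.jp"]);
const EQUIVALENT_GROUPS = [["amazon.com", "amazon.co.uk"]];

// Base domain = longest matching public suffix plus one label to its left.
function baseDomain(uri) {
  const withScheme = uri.includes("://") ? uri : "https://" + uri;
  const host = new URL(withScheme).hostname.toLowerCase();
  const labels = host.split(".").filter(Boolean);
  // i = 0 is the whole host, so the first hit is the longest suffix.
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // A bare suffix such as "co.uk" has no registrable domain.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // unknown suffix: refuse to match rather than guess
}

// Decide whether a saved login URI should be offered on the current page.
function matchesBaseDomain(savedUri, pageUri) {
  const saved = baseDomain(savedUri);
  const page = baseDomain(pageUri);
  if (!saved || !page) return { match: false, reason: "no base domain" };
  if (saved === page) return { match: true, reason: "same base domain" };
  const linked = EQUIVALENT_GROUPS.some(
    (group) => group.includes(saved) && group.includes(page)
  );
  return linked
    ? { match: true, reason: "equivalent domain rule" }
    : { match: false, reason: "different base domain" };
}

// Constructed sample checks.
for (const [saved, page] of [
  ["amazon.com", "https://www.amazon.co.uk/ap/signin"],
  ["https://example.co.uk", "https://other.co.uk/login"],
  ["https://example.co.uk", "https://login.example.co.uk/"],
]) {
  console.log(saved, "->", page, matchesBaseDomain(saved, page));
}
```

Two unrelated `.co.uk` sites share only the suffix, so they do not match; the amazon.com entry is offered on amazon.co.uk only because of the equivalence group.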