New warning for HTTP sites?

I test web applications daily against localhost, and the latest update started warning me that localhost (HTTP) might be unsecure. This is a pain, as I often cycle through credentials on a single site.

There needs to be a way to disable this warning at the item-level or globally.


Hello @jjh - welcome to the Bitwarden community forums.

Are you running your Bitwarden server over plaintext HTTP? That’s an atypical setup and highly discouraged. In fact, I didn’t even realize that was possible. Or are you running the Bitwarden clients on server software not distributed by Bitwarden?

neither, its autofilling into an HTTP site. There appears to be no way to disable the warning in bitwarden

OK, I see. You are filling credentials over plaintext HTTP. Sorry for misunderstanding what you meant - I thought this was when logging in to your Bitwarden account.

I haven’t come across this before, so I apologize - I have no guidance to offer, except have you tried changing the URI in your BW login item to an http: prefix instead of https: ?

The URI match was already set to HTTP, but the same bitwarden password item contained other HTTPS URIs. I am currently “working around” this new change by splitting out my http/https URIs into different password items.

Good idea. You might also try experimenting with “Starts With” URI Matching rules.