OK. Let’s suppose that the active browser tab is displaying the login form at the URL https://testserver.domain.com/site2
, and you wish for Account5
to be auto-filled.
Clearly, there is no scenario under which your Google account (Account1
) will be matched here so let’s skip to the others.
When Bitwarden checks whether to match the Account2
credentials to the active login form, it will go through the preference logic outlined above, and first determine that there is no exact match between the active URL and the Account2
URI (so it will proceed to check if there is a “Host” match); next, it will determine that there is no “Host” match (so it will proceed to check for a “Based Domain” match); in this final test, it determines that the Base Domain of the active URL (https://testserver.domain.com/site2
) does match the Base Domain of the Account2
URI (https://workday.domain.com
). Hence, it will register this as a match, and therefore offer Account2
as one of the options for auto-filling the form.
The same thing will happen with the vault item for Account3
: the corresponding URI (https://training.domain.com
) will fail the exact and host matching, but will match on base domain. As a result, the credentials for Account3
will also be offered by Bitwarden as one of the options for auto-filling the form.
With the vault item for Account4
, the exact match test will fail, but moving on to the “Host” test, Bitwarden will find a match, and therefore will offer Account4
as one of the options for auto-filling the form.
And clearly, when Bitwarden processes the vault item for Account5
, it will find a match when comparing the exact values of the active URL and the stored URI. Not surprisingly, Account5
will be offered by the Bitwarden browser extension as one of the options for auto-filling the form.
Therefore, the end result of the preference rules you have proposed will be that when your browser tab contains the login form at the URL https://testserver.domain.com/site2
, the Bitwarden browser extension will find four different accounts that “match” (Account2
, Account3
, Account4
, and Account5
).
If we perform a similar analysis of what would happen when the active URL represents any of the other login forms in the domain.com
domain (i.e., https://workday.domain.com
, https://training.domain.com
, or https://testserver.domain.com/site1
), we would find the same result: the Bitwarden browser extension will always match the credentials for Account2
, Account3
, Account4
, and Account5
.
Thus, as I already noted previously your proposed “preference order” scheme will yield results that are identical to what woudl happen if you simply set the URI Macth Detection rule to Base Domain.