github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-07 19:39:41 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[GH-ISSUE #6199] [BWA-204] Unable to log in to self-hosted server with .onion URL #15023

New Issue
Closed
opened 2026-04-15 01:18:49 -05:00 by GiteaMirror · 4 comments
GiteaMirror commented 2026-04-15 01:18:49 -05:00
Owner
Copy Link

Originally created by @Zighy on GitHub (Nov 24, 2025).
Original GitHub issue: https://github.com/bitwarden/android/issues/6199

Steps To Reproduce

  1. Go to login page
  2. Click on 'Logging in on : Self-hosted'
  3. Click on 'Self-hosted'
  4. On textbox 'Server URL' entre the http://.onion URL of the server behind tor network
  5. Click on 'Save'
  6. Perform Login and error occours => show the error :

Stacktrace:

java.net.Un knownServiceException: CLEARTEXT communication to xxxxxxxxxxx.onion not permitted by network security policy ....

Expected Result

The login should be allowed on .onion URL because it doesn't use https end encryption is enforced by orbot VPN

Actual Result

Unable to login

Screenshots or Videos

No response

Additional Context

No response

Build Version

2025.11.0 (20967)

What server are you connecting to?

Self-host

Self-host Server Version

No response

Environment Details

  • Redmi Note 9
  • Android MIUI version 14.0.5

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @Zighy on GitHub (Nov 24, 2025). Original GitHub issue: https://github.com/bitwarden/android/issues/6199 ### Steps To Reproduce 1. Go to login page 2. Click on 'Logging in on : Self-hosted' 3. Click on 'Self-hosted' 4. On textbox 'Server URL' entre the http://.onion URL of the server behind tor network 5. Click on 'Save' 6. Perform Login and error occours => show the error : Stacktrace: java.net.Un knownServiceException: CLEARTEXT communication to xxxxxxxxxxx.onion not permitted by network security policy .... ### Expected Result The login should be allowed on .onion URL because it doesn't use https end encryption is enforced by orbot VPN ### Actual Result Unable to login ### Screenshots or Videos _No response_ ### Additional Context _No response_ ### Build Version 2025.11.0 (20967) ### What server are you connecting to? Self-host ### Self-host Server Version _No response_ ### Environment Details - Redmi Note 9 - Android MIUI version 14.0.5 ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the app:authenticatorbug labels 2026-04-15 01:18:50 -05:00
GiteaMirror commented 2026-04-15 01:18:51 -05:00
Author
Owner
Copy Link

@bitwarden-bot commented on GitHub (Nov 24, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: BWA-204

<!-- gh-comment-id:3573080135 --> @bitwarden-bot commented on GitHub (Nov 24, 2025): Thank you for your report! We've added this to our internal board for review. ID: [BWA-204](https://bitwarden.atlassian.net/browse/BWA-204) [BWA-204]: https://bitwarden.atlassian.net/browse/BWA-204?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
GiteaMirror commented 2026-04-15 01:18:52 -05:00
Author
Owner
Copy Link

@pamperer562580892423 commented on GitHub (Nov 24, 2025):

The Bitwarden authenticator app has no login option. You probably meant to use the "app:password-manager" tag.

<!-- gh-comment-id:3573096807 --> @pamperer562580892423 commented on GitHub (Nov 24, 2025): The Bitwarden authenticator app has no login option. You probably meant to use the "app:password-manager" tag.
GiteaMirror commented 2026-04-15 01:18:53 -05:00
Author
Owner
Copy Link

@pamperer562580892423 commented on GitHub (Nov 24, 2025):

Ah, and you need https:

Image

(--> https://bitwarden.com/help/releasenotes/#2025-8-0)

<!-- gh-comment-id:3573105744 --> @pamperer562580892423 commented on GitHub (Nov 24, 2025): Ah, and you need https: <img width="910" height="113" alt="Image" src="https://github.com/user-attachments/assets/b549907c-64e5-4bce-a03e-fd95684b06ff" /> (--> https://bitwarden.com/help/releasenotes/#2025-8-0)
GiteaMirror commented 2026-04-15 01:18:53 -05:00
Author
Owner
Copy Link

@Zighy commented on GitHub (Nov 26, 2025):

So, to clarify: I need to place a proxy with HTTPS offloading in front of my self-hosted Tor service?
Is there no way to configure an exception for .onion URLs so that plain HTTP connections are permitted?

<!-- gh-comment-id:3582662157 --> @Zighy commented on GitHub (Nov 26, 2025): So, to clarify: I need to place a proxy with HTTPS offloading in front of my self-hosted Tor service? Is there no way to configure an exception for .onion URLs so that plain HTTP connections are permitted?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label app:authenticator bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#15023
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?