mirror of
https://github.com/bitwarden/android.git
synced 2026-05-08 21:10:40 -05:00
Host Match Detection broken for URLs with ports #2217
Open
opened 2025-11-26 23:12:03 -06:00 by GiteaMirror
·
14 comments
No Branch/Tag Specified
main
agalles/fdroid-only
sdlc/sdk-update
remove-retrofit-dependency
release/hotfix-v2026.4.1-bwpm
beta-for-qa
target-sdk-37
PM-33982/build-device-screen
new-item-types/PM-32806_passport
new-item-types/PM-32808_drivers-license
BWA-99/show-next-totp
BWA-99/add-preview-next-totp-code-setting
renovate/glidecompose
sync-min-sdk
release/2026.4-rc51
fix/security-sast-22741894-bvwj
related-origin-passkey-creation
release/2026.4-rc50
platform/android-breaking-change-detection
innovation-sprint-2026-send-folder
release/2026.3-rc49
PM-34193-vault-lockout
android-collections
llm/add-resolving-sdk-updates-skill
QA-1523/sanity-test-saucelabs
release/2026.3-rc48
PM-26577-app-links-support
PM-26896-autofill-fix
release/2026.2-rc47
pr-6572
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
PM-28468/validate-and-navigate-to-vault-migration
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.4.1-bwa
v2026.4.1-bwpm
v2026.4.0-bwa
v2026.4.0-bwpm
v2026.3.1-bwa
v2026.3.1-bwpm
v2026.3.0-bwpm
v2026.3.0-bwa
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#2217
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @NicholasFlamy on GitHub (Apr 22, 2025).
Steps To Reproduce
https://github.com/bitwarden/mobile/issues/2970
Expected Result
Works correctly. Or at least works like the old app.
Actual Result
Doesn't work.
Screenshots or Videos
No response
Additional Context
No response
Build Version
2025.3.0
What server are you connecting to?
Self-host
Self-host Server Version
No response
Environment Details
No response
Issue Tracking Info
@S-Kakar commented on GitHub (Apr 22, 2025):
Thank you for your report! We've added this to our internal board for review.
ID: PM-20513
@NicholasFlamy commented on GitHub (Apr 22, 2025):
Note: #4531 is focused on Host detection not working WHICH IS A KNOWN AND REPRODUCIBLE ISSUE CAUSED BY CHROMIUM. This issue is focused on the fact that the new app behaves different from the old one.
@NicholasFlamy commented on GitHub (Apr 22, 2025):
Big difference 1. is that leaving out the URL scheme,
http://orhttps://, makes the autofill not work if Match Detection is set to Host.Big difference 2. is that Accessibility Autofill no longer handles ports. On the old app, enabling both accessibility and inline autofill meant the inline showed all options for that base domain which the accessibility button to open the Bitwarden app would open the app to just the properly mathing URLs.
(To use accessibility autofill on the new app I have to disable inline autofill. Once I do that I see that the accessibility autofill behaves the same as the inline autofill, which is incorrect).
@NicholasFlamy commented on GitHub (Apr 23, 2025):
Small, unrelated thing: Great job on the native app. It LITERALLY takes less than a 1/4 second to open to the main screen when opening it from the Android home screen.
Seriously, great job! (I would like a compact mode appearance option but overall great.)
@SaintPatrck commented on GitHub (May 1, 2025):
Hi @NicholasFlamy,
There is a limitation with the Autofill framework that prevents us from matching based on port, path, and query string parameters. They are completely omitted from the request we receive. I left more details about this limitation on https://github.com/bitwarden/mobile/issues/2124#issuecomment-2839759140.
The Accessibility behavior you're describing should be resolved with #5118.
I'm not able to replicate the issue with inline autofill and accessibility being enabled at the same time. Could you elaborate on the behavior you're experiencing when both are enabled?
@NicholasFlamy commented on GitHub (May 1, 2025):
I hope it does, I read the description and it seems to address both parts of the issue.
On the old app, when I had both enabled, I would have inline auto-fill suggestions (with Android Autofill limitations) and I would have an accessibility popup to open the Bitwarden app (it may have had autofill options but I think it sometimes simply had the open Bitwarden app button).
On the new app, inline autofill takes precedence and seems to "disable" accessibility autofill. (Without actually toggling the switch in the settings.) On the new app, I don't get accessibility autofill popups while inline autofill is enabled.
The main reason I like the old app's behavior is because I often find inline autofill to be faster, and I prefer it, but on my sites where port matters, I would tap the accessibility button to open the Bitwarden app, and it would show me the autofill options for that site with the correct port.
Edit: Here are my remedy suggestions, assuming the app does a check if both are enabled and has inline autofill take precedence: Have the app simply do both if both are enabled, if someone only wants one of the two then they can disable the other.
@SaintPatrck commented on GitHub (May 9, 2025):
Thanks for clarifying, @NicholasFlamy. I think I see where the disconnect is now.
The Accessibility overlay that you're expecting was omitted from the native rewrite. Accessibility autofill must now be triggered by clicking the Autofill quick tile from the notification bar. If the app is fillable (not a system app, launcher app, not explicitly blocked, etc.) and there are fillable fields on screen, Bitwarden will launch and either display matching results or prompt to create a new entry. We no longer display an overlay as part of the Accessibility service.
In the new native application, when you see the pop-up with suggestions, that's the standard Autofill Framework taking over. You're correct that the system gives inline autofill precedence over the pop-up. There are rare scenarios where inline options are displayed along with the autofill pop-up, and from my experience those are usually a result of having credentials saved in Google Password Manager and Bitwarden. The GPM results are displayed inline in the keyboard and the Bitwarden suggestions are shown in the pop-up. Due to the limitations I mentioned earlier with the Autofill framework, this means the autofill pop-up and inline suggestions are not going to mirror the exact behavior of the legacy app.
@NicholasFlamy commented on GitHub (May 9, 2025):
Damn, I really liked that feature because it did what Google was too incompetent to do.
@NicholasFlamy commented on GitHub (May 9, 2025):
I agree. I am disappointed that the accessibility overlay wasn't implemented in the native app because that was my workaround for Google's incompetence with the Autofill framework.
@masterflitzer commented on GitHub (May 27, 2025):
would it be possible to still show the entries that don't match exactly? because no entries showing up is kinda bad for usability
example:
when we have the url "https://example.com:4433/test" i understand that the autofill framework will only send "https://example.com" (or even just "example.com"?), so instead of not showing any entries, show the partially matching ones (only when there are no exact matches)
@JunoArc commented on GitHub (Sep 13, 2025):
This is how it worked in the past I think. It was listing all the passwords for the base url without the port and you had to scroll to find it.
@NicholasFlamy commented on GitHub (Sep 13, 2025):
It currently does (at least for me), at the time there was a bug that was causing it to not always show.
@stefanheinen commented on GitHub (Nov 7, 2025):
Hey! Any progress in this?
@NicholasFlamy commented on GitHub (Nov 15, 2025):
You should go bug Google about their incompetence with Android Autofill.