The Bitwarden web project is an Angular application that powers the web vault (https://vault.bitwarden.com/).

Build/Run

Requirements

• Node.js v8.11 or greater

Run the app

For local development, run the app with:

npm install
npm run build:watch

You can now access the web vault in your browser at https://localhost:8080. You can adjust your API endpoint settings in src/app/services/services.module.ts by altering the apiService.setUrls call. For example:

await apiService.setUrls({
    base: isDev ? null : window.location.origin,
    api: isDev ? 'http://mylocalapi' : null,
    identity: isDev ? 'http://mylocalidentity' : null,
    events: isDev ? 'http://mylocalevents' : null,
});

If you want to point the development web vault to the production APIs, you can set:

await apiService.setUrls({
    base: null,
    api: 'https://api.bitwarden.com',
    identity: 'https://identity.bitwarden.com',
    events: 'https://events.bitwarden.com',
});

And note to run the app with:

npm install
npm run build:prod:watch

Common Issues:

CORS

If you run the frontend and receive a notification after attempting to login that says:

An error has occurred.
NetworkError when attempting to fetch resource.

And in the console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.bitwarden.com/accounts/prelogin. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

This means that you are having a CORS header issue. This can be mitigated by using a CORS header changing extension in your browser such as this one.

Contribute

Code contributions are welcome! Please commit any pull requests against the master branch.

Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the SECURITY.md file.