What i think we should actually do here is have the attachments use the Host header sent by the client/reverse-proxy to be used to determine the actual domain. This would also help people accessing the vault internally with a different domain then externally for example. But i think that would solve your issue as well, since now it probably sends the link to go to the currently configured DOMAIN variable, instead of using the HOST header.

Hmm, it looks like there is some checking done already, but it always uses the configured domain by default.
Only if that domain isn't configured it will look for other ways to determine the host.

Not setting the DOMAIN variable would help for the attachments, but it will break all other items.
There is already a mentioning of this in the meta features requests: Make email and U2F use the same domain-guessing used by attachments. But looking at the code, that isn't quite right currently. Also, there could be some security implications regarding this, so having a list of allowed host's is probably something needed in this case.

Still need to work on this though, only looked at it.

Just courious, any news. It is quite important for me support multiple domains.

There is no actual work done on this. At least not by me or any other main contributor as far as i can tell (No PR's or something).
Also to be clear, per organization is not something which i think we will support. If someone wants to have domains per organization, then i suggest to run multiple Vaultwarden instance with different domain settings. It's not that Vaultwarden takes up that much resources.

Also, it makes it more secure in the sense that you split the date between the domains/organizations.
I don't think we will ever support built-in multi-tenancy within one environment, as i also do not see the benefits of this.

Sure, but previously it was working fine. I mean there was no issue with attachments. So is there hope to at least allow it work again ? Something simple will work, e.g. list of domains instead of single fqdn name ?

Well, a well written PR on this is always welcome.

Heh, one day may be i could do that, little bit issue here - never write line of code in Rust... :)

There is no actual work done on this. At least not by me or any other main contributor as far as i can tell (No PR's or something). Also to be clear, per organization is not something which i think we will support. If someone wants to have domains per organization, then i suggest to run multiple Vaultwarden instance with different domain settings. It's not that Vaultwarden takes up that much resources.

Also, it makes it more secure in the sense that you split the date between the domains/organizations. I don't think we will ever support built-in multi-tenancy within one environment, as i also do not see the benefits of this.

Hey blackdex, first i wannt to thank the contributors for vaultwarden, you/dani/ and everyone else :-)

Second, you tell to use multiple vaultwarden instances, which is in my opinion not a big deal either, since vaultwarden doesn't consumes any ressources in my opinion.
But im asking because, did you wanted to point out, that we can share passwords with different people from different vw instances ?
If that's the case, then there is really no reason to not spin up vw multiple times.
If it's not the case, then that's what the op probably need/want/etc...

Cheers