From acb2069fe6f5533370f8aeede144d12782f998e2 Mon Sep 17 00:00:00 2001
From: phoeagon <phoeagon@gmail.com>
Date: Fri, 20 Feb 2026 20:35:18 -0800
Subject: [PATCH] add a config
 experimental_client_feature_flags_skip_validation, that, when set, passes
 through all feature flags verbatim without validation. Useful for testing and
 eaerly adopters

---
 .env.template |  5 +++++
 src/config.rs | 18 ++++++++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/.env.template b/.env.template
index 67f531fc..547e9a6a 100644
--- a/.env.template
+++ b/.env.template
@@ -383,6 +383,11 @@
 ## - "mutual-tls": Enable the use of mutual TLS on Android (Client >= 2025.2.0)
 # EXPERIMENTAL_CLIENT_FEATURE_FLAGS=fido2-vault-credentials
 
+## Skip validation of experimental client feature flags.
+## If set to true, Vaultwarden will not check if the flags in EXPERIMENTAL_CLIENT_FEATURE_FLAGS are known.
+## Use this at your own risk!
+# EXPERIMENTAL_CLIENT_FEATURE_FLAGS_SKIP_VALIDATION=false
+
 ## Require new device emails. When a user logs in an email is required to be sent.
 ## If sending the email fails the login attempt will fail!!
 # REQUIRE_DEVICE_EMAIL=false
diff --git a/src/config.rs b/src/config.rs
index 4fb103fa..9194a0f7 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -712,6 +712,9 @@ make_config! {
 
         /// Customize the enabled feature flags on the clients |> This is a comma separated list of feature flags to enable.
         experimental_client_feature_flags: String, false, def, String::new();
+        /// Skip validation of experimental client feature flags |> If this is set to true, the experimental client feature flags will not be validated. This is useful for testing.
+        /// Use this at your own risk!
+        experimental_client_feature_flags_skip_validation: bool, false, def, false;
 
         /// Require new device emails |> When a user logs in an email is required to be sent.
         /// If sending the email fails the login attempt will fail.
@@ -1047,12 +1050,15 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
         "simple-login-self-host-alias",
         "mutual-tls",
     ];
-    let configured_flags = parse_experimental_client_feature_flags(&cfg.experimental_client_feature_flags);
-    let invalid_flags: Vec<_> = configured_flags.keys().filter(|flag| !KNOWN_FLAGS.contains(&flag.as_str())).collect();
-    if !invalid_flags.is_empty() {
-        err!(format!("Unrecognized experimental client feature flags: {invalid_flags:?}.\n\n\
-                     Please ensure all feature flags are spelled correctly and that they are supported in this version.\n\
-                     Supported flags: {KNOWN_FLAGS:?}"));
+    if !cfg.experimental_client_feature_flags_skip_validation {
+        let configured_flags = parse_experimental_client_feature_flags(&cfg.experimental_client_feature_flags);
+        let invalid_flags: Vec<_> =
+            configured_flags.keys().filter(|flag| !KNOWN_FLAGS.contains(&flag.as_str())).collect();
+        if !invalid_flags.is_empty() {
+            err!(format!("Unrecognized experimental client feature flags: {invalid_flags:?}.\n\n\
+                         Please ensure all feature flags are spelled correctly and that they are supported in this version.\n\
+                         Supported flags: {KNOWN_FLAGS:?}"));
+        }
     }
 
     const MAX_FILESIZE_KB: i64 = i64::MAX >> 10;