diff --git a/Dockerfile b/Dockerfile
index ca5707e0..001ee430 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,11 +47,8 @@ RUN mkdir /data
 VOLUME /data
 EXPOSE 80
 
-# Copies the files from the context (migrations, web-vault, ...)
+# Copies the files from the context (env file and web-vault)
 # and the binary from the "build" stage to the current stage
-
-# TODO Only needs web-vault and .env
-# COPY . .
 COPY .env .
 COPY web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index 13afc65d..3a1e5b77 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -23,13 +23,13 @@ use CONFIG;
 
 #[get("/sync")]
 fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
-    let user = headers.user;
+    let user = &headers.user;
 
     let folders = Folder::find_by_user(&user.uuid, &conn);
     let folders_json: Vec<Value> = folders.iter().map(|c| c.to_json()).collect();
 
     let ciphers = Cipher::find_by_user(&user.uuid, &conn);
-    let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect();
+    let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
 
     Ok(Json(json!({
         "Profile": user.to_json(),
@@ -49,7 +49,7 @@ fn sync(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
 fn get_ciphers(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
     let ciphers = Cipher::find_by_user(&headers.user.uuid, &conn);
 
-    let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&conn)).collect();
+    let ciphers_json: Vec<Value> = ciphers.iter().map(|c| c.to_json(&headers.host, &conn)).collect();
 
     Ok(Json(json!({
       "Data": ciphers_json,
@@ -68,7 +68,7 @@ fn get_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadR
         err!("Cipher is not owned by user")
     }
 
-    Ok(Json(cipher.to_json(&conn)))
+    Ok(Json(cipher.to_json(&headers.host, &conn)))
 }
 
 #[derive(Deserialize, Debug)]
@@ -122,7 +122,7 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> Resul
 
     cipher.save(&conn);
 
-    Ok(Json(cipher.to_json(&conn)))
+    Ok(Json(cipher.to_json(&headers.host, &conn)))
 }
 
 fn value_from_data(data: &CipherData) -> Result<Value, &'static str> {
@@ -229,7 +229,7 @@ fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers
         attachment.save(&conn);
     });
 
-    Ok(Json(cipher.to_json(&conn)))
+    Ok(Json(cipher.to_json(&headers.host, &conn)))
 }
 
 #[post("/ciphers/<uuid>/attachment/<attachment_id>/delete", data = "<_data>")]
diff --git a/src/auth.rs b/src/auth.rs
index 5ef66725..6e69ee7e 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -94,6 +94,7 @@ use db::models::{User, Device};
 
 pub struct Headers {
     pub device_type: Option<i32>,
+    pub host: String,
     pub device: Device,
     pub user: User,
 }
@@ -111,6 +112,12 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers {
             _ => None // return err_handler!("Device-Type is invalid or missing")
         };
 
+        // Get host
+        let host = match headers.get_one("Host") {
+            Some(host) => format!("http://{}", host), // TODO: Check if HTTPS
+            _ => String::new() // return err_handler!("Host is invalid or missing")
+        };
+
         // Get access_token
         let access_token: &str = match request.headers().get_one("Authorization") {
             Some(a) => {
@@ -156,6 +163,6 @@ impl<'a, 'r> FromRequest<'a, 'r> for Headers {
             err_handler!("Invalid security stamp")
         }
 
-        Outcome::Success(Headers { device_type, device, user })
+        Outcome::Success(Headers { device_type, host, device, user })
     }
 }
\ No newline at end of file
diff --git a/src/db/models/attachment.rs b/src/db/models/attachment.rs
index 5dd2d231..7d09a77f 100644
--- a/src/db/models/attachment.rs
+++ b/src/db/models/attachment.rs
@@ -29,10 +29,10 @@ impl Attachment {
         format!("{}/{}/{}", CONFIG.attachments_folder, self.cipher_uuid, self.id)
     }
 
-    pub fn to_json(&self) -> JsonValue {
+    pub fn to_json(&self, host: &str) -> JsonValue {
         use util::get_display_size;
 
-        let web_path = format!("/attachments/{}/{}", self.cipher_uuid, self.id);
+        let web_path = format!("{}/attachments/{}/{}", host, self.cipher_uuid, self.id);
         let display_size = get_display_size(self.file_size);
 
         json!({
diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs
index b81dec0d..a4940ca6 100644
--- a/src/db/models/cipher.rs
+++ b/src/db/models/cipher.rs
@@ -57,7 +57,7 @@ use db::schema::ciphers;
 
 /// Database methods
 impl Cipher {
-    pub fn to_json(&self, conn: &DbConn) -> JsonValue {
+    pub fn to_json(&self, host: &str, conn: &DbConn) -> JsonValue {
         use serde_json;
         use util::format_date;
         use super::Attachment;
@@ -65,7 +65,7 @@ impl Cipher {
         let data_json: JsonValue = serde_json::from_str(&self.data).unwrap();
 
         let attachments = Attachment::find_by_cipher(&self.uuid, conn);
-        let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json()).collect();
+        let attachments_json: Vec<JsonValue> = attachments.iter().map(|c| c.to_json(host)).collect();
 
         json!({
             "Id": self.uuid,