source/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-14 07:49:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
9,045 Commits 353 Branches 49 Tags
develop
Commit Graph

23 Commits

Author SHA1 Message Date
Gustavo Madeira Santana
a13ff55bd9 Security: Prevent gateway credential exfiltration via URL override (#9179) 
* Gateway: require explicit auth for url overrides

* Gateway: scope credential blocking to non-local URLs only

Address review feedback: the previous fix blocked credential fallback for
ALL URL overrides, which was overly strict and could break workflows that
use --url to switch between loopback/tailnet without passing credentials.

Now credential fallback is only blocked for non-local URLs (public IPs,
external hostnames). Local addresses (127.0.0.1, localhost, private IPs
like 192.168.x.x, 10.x.x.x, tailnet 100.x.x.x) still get credential
fallback as before.

This maintains the security fix (preventing credential exfiltration to
attacker-controlled URLs) while preserving backward compatibility for
legitimate local URL overrides.

* Security: require explicit credentials for gateway url overrides (#8113) (thanks @victormier)

* Gateway: reuse explicit auth helper for url overrides (#8113) (thanks @victormier)

* Tests: format gateway chat test (#8113) (thanks @victormier)

* Tests: require explicit auth for gateway url overrides (#8113) (thanks @victormier)

---------

Co-authored-by: Victor Mier <victormier@gmail.com>
 2026-02-04 18:59:44 -05:00
Seb Slight
abcaa8c7a9 Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
cpojer
8cab78abbc chore: Run pnpm format:fix. 2026-01-31 21:13:13 +09:00
Peter Steinberger
9a7160786a refactor: rename to openclaw 2026-01-30 03:16:21 +01:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
96f1846c2c docs: align node transport with gateway ws 2026-01-22 23:10:09 +00:00
Peter Steinberger
b5fd66c92d fix: add explicit tailnet gateway bind 2026-01-21 20:36:09 +00:00
Peter Steinberger
c129f0bbaa docs: align gateway service naming 2026-01-21 17:45:26 +00:00
Peter Steinberger
1f7cb4b853 fix: shorten bonjour gateway service type 2026-01-20 15:10:06 +00:00
Peter Steinberger
06c17a333e docs: update protocol + security notes 2026-01-20 13:04:20 +00:00
Peter Steinberger
d88b239d3c feat: add device token auth and devices cli 2026-01-20 10:30:53 +00:00
Peter Steinberger
d802844bd6 fix: gate gateway restarts and discord abort reconnects 2026-01-19 00:15:45 +00:00
Peter Steinberger
a813343aa7 docs: clarify model refs and runtime notes 
Co-authored-by: Yuri Chukhlib <YuriNachos@users.noreply.github.com>
 2026-01-17 18:03:40 +00:00
Benjamin Jesuiter
7f6a288bd3 docs: clarify multi-gateway rescue bot guidance 2026-01-15 22:10:27 +00:00
Peter Steinberger
3eb48cbea7 docs: complete channels rename sweep 2026-01-13 08:40:39 +00:00
Peter Steinberger
d97c211e82 docs: make remote host examples generic 2026-01-12 02:11:33 +00:00
Peter Steinberger
20b4e2b859 fix: stabilize live probes and docs 2026-01-11 02:26:39 +00:00
Peter Steinberger
e0bf86f06c feat: improve gateway services and auto-reply commands 2026-01-11 02:27:16 +01:00
Peter Steinberger
adb3bc2577 fix: reset dev gateway setup 2026-01-09 15:17:20 +01:00
Peter Steinberger
1716c01bdf feat(gateway): improve wide-area discovery 2026-01-09 13:54:53 +01:00
Peter Steinberger
d258c68ca1 feat: add gateway dev config options 2026-01-09 10:39:00 +01:00
Peter Steinberger
5b50c97939 feat(cli): improve gateway status output 2026-01-09 09:27:42 +01:00
Peter Steinberger
8808d8c84c docs: add gateway CLI doc 2026-01-09 08:13:04 +01:00