github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-30 04:36:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(gateway): scope tailscale tokenless auth to websocket

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 13:03:08 +01:00
parent 6aa11f3092
commit 356d61aacf
16 changed files with 134 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/platforms/digitalocean.md
View File

@@ -132,7 +132,7 @@ Open: `https://<magicdns>/`
Notes:
- Serve keeps the Gateway loopback-only and authenticates via Tailscale identity headers (tokenless auth assumes trusted gateway host).
- Serve keeps the Gateway loopback-only and authenticates Control UI/WebSocket traffic via Tailscale identity headers (tokenless auth assumes trusted gateway host; HTTP APIs still require token/password).
- To require token/password instead, set `gateway.auth.allowTailscale: false` or use `gateway.auth.mode: "password"`.
**Option C: Tailnet bind (no Serve)**