fix(gateway): scope tailscale tokenless auth to websocket

2026-04-19 05:27:26 +00:00 · 2026-02-21 13:03:08 +01:00
parent 6aa11f3092
commit 356d61aacf
16 changed files with 134 additions and 15 deletions
--- a/docs/web/control-ui.md
+++ b/docs/web/control-ui.md
@@ -117,7 +117,7 @@ Open:

 - `https://<magicdns>/` (or your configured `gateway.controlUi.basePath`)

-By default, Serve requests can authenticate via Tailscale identity headers
+By default, Control UI/WebSocket Serve requests can authenticate via Tailscale identity headers
 (`tailscale-user-login`) when `gateway.auth.allowTailscale` is `true`. OpenClaw
 verifies the identity by resolving the `x-forwarded-for` address with
 `tailscale whois` and matching it to the header, and only accepts these when the