fix(security): default standalone servers to loopback bind (#13184)

* fix(security): default standalone servers to loopback bind (#4)

Change canvas host and telegram webhook default bind from 0.0.0.0
(all interfaces) to 127.0.0.1 (loopback only) to prevent unintended
network exposure when no explicit host is configured.

* fix: restore telegram webhook host override while keeping loopback defaults (openclaw#13184) thanks @davidrudduck

* style: format telegram docs after rebase (openclaw#13184) thanks @davidrudduck

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
David Rudduck
2026-02-14 01:39:56 +10:00
committed by GitHub
parent a17f74306d
commit 5643a93479
10 changed files with 85 additions and 5 deletions


@@ -25,6 +25,7 @@ export type MonitorTelegramOpts = {
webhookPath?: string;
webhookPort?: number;
webhookSecret?: string;
webhookHost?: string;
proxyFetch?: typeof fetch;
webhookUrl?: string;
};
@@ -158,6 +159,7 @@ export async function monitorTelegramProvider(opts: MonitorTelegramOpts = {}) {
path: opts.webhookPath,
port: opts.webhookPort,
secret: opts.webhookSecret,
host: opts.webhookHost ?? account.config.webhookHost,
runtime: opts.runtime as RuntimeEnv,
fetch: proxyFetch,
abortSignal: opts.abortSignal,
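Review bot: The new `host: opts.webhookHost ?? account.config.webhookHost` line only falls back on null or undefined, so an empty or whitespace-only `webhookHost` from config is passed to the webhook server as-is. If the loopback default downstream is also applied with `??` (not visible here), an empty string would reach `listen()`, where Node treats a falsy host as omitted and binds the unspecified address, undoing the 127.0.0.1 default this commit introduces. Normalizing at this call site closes that gap: `host: (opts.webhookHost ?? account.config.webhookHost)?.trim() || undefined,`. Since `webhookSecret` is optional in `MonitorTelegramOpts`, it would also help to log a warning when the resolved host is not loopback and no secret is set, because that combination exposes the webhook path on the network without the secret-token check. The body of `monitorTelegramProvider` continues outside the hunk, so the server-side default was not checked.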