fix(security): harden browser SSRF defaults and migrate legacy key

This commit is contained in:
Peter Steinberger
2026-02-24 01:51:44 +00:00
parent 8779b523dc
commit 5eb72ab769
24 changed files with 334 additions and 20 deletions


@@ -177,14 +177,25 @@ describe("browser config", () => {
},
});
expect(resolved.ssrfPolicy).toEqual({
allowPrivateNetwork: true,
dangerouslyAllowPrivateNetwork: true,
allowedHostnames: ["localhost"],
hostnameAllowlist: ["*.trusted.example"],
});
});
it("keeps browser SSRF policy undefined when not configured", () => {
it("defaults browser SSRF policy to trusted-network mode", () => {
const resolved = resolveBrowserConfig({});
expect(resolved.ssrfPolicy).toBeUndefined();
expect(resolved.ssrfPolicy).toEqual({
dangerouslyAllowPrivateNetwork: true,
});
});
it("supports explicit strict mode by disabling private network access", () => {
const resolved = resolveBrowserConfig({
ssrfPolicy: {
dangerouslyAllowPrivateNetwork: false,
},
});
expect(resolved.ssrfPolicy).toEqual({});
});
});
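Review bot: The new default pinned at `expect(resolved.ssrfPolicy).toEqual({ dangerouslyAllowPrivateNetwork: true })` means an unconfigured browser still resolves to a policy that permits private and loopback targets, so despite the "harden ... defaults" title the strict posture is opt-in and only the field name changed to advertise the risk. If that is deliberate for local browser automation, the test should say so in a one-line comment above the default-mode case, e.g. `// Default stays permissive for local-only browsing; any deployment that fetches untrusted URLs must set dangerouslyAllowPrivateNetwork: false.`, otherwise consider flipping the default so private-network access requires the explicit `true`. The strict-mode case asserts that `false` is normalized away to `{}`; that only hardens anything if the consumer treats an absent flag as deny, which this file cannot show, so a companion assertion on the consumer (or keeping an explicit `dangerouslyAllowPrivateNetwork: false` in the resolved policy) would make the intent harder to regress. The enclosing `describe("browser config")` block starts before this hunk.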