fix(security): require BlueBubbles webhook auth

Peter Steinberger
2026-02-21 11:41:35 +01:00
parent 220bd95eff
commit 6b2f2811dc
4 changed files with 71 additions and 135 deletions


@@ -46,7 +46,8 @@ Status: bundled plugin that talks to the BlueBubbles macOS server over HTTP. **R
Security note:
- Always set a webhook password. If you expose the gateway through a reverse proxy (Tailscale Serve/Funnel, nginx, Cloudflare Tunnel, ngrok), the proxy may connect to the gateway over loopback. The BlueBubbles webhook handler treats requests with forwarding headers as proxied and will not accept passwordless webhooks.
- Always set a webhook password.
- Webhook authentication is always required. OpenClaw rejects BlueBubbles webhook requests unless they include a password/guid that matches `channels.bluebubbles.password` (for example `?password=<password>` or `x-password`), regardless of loopback/proxy topology.
## Keeping Messages.app alive (VM / headless setups)
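Review bot: In the Security note, the new bullet gives `?password=<password>` as the first example, ahead of `x-password`, yet a password carried in the query string is commonly written to reverse-proxy access logs, and this note is addressed to proxied deployments (Tailscale Serve/Funnel, nginx, Cloudflare Tunnel, ngrok). Suggest naming the `x-password` header first and listing the query parameter only as a fallback where a header cannot be set. The wording "password/guid" also leaves it unclear whether `guid` is a second accepted parameter name or a different credential, and the bullet does not say what happens when `channels.bluebubbles.password` is unset; since requests are now rejected unless they match it, state that case explicitly next to "Always set a webhook password."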