github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 05:21:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): enforce sandbox bridge auth

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-14 13:17:41 +01:00
parent 4711a943e3
commit 6dd6bce997
8 changed files with 108 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/commands/chutes-oauth.ts
View File

@@ -8,6 +8,7 @@ import {
generateChutesPkce,
parseOAuthCallbackInput,
} from "../agents/chutes-oauth.js";
import { isLoopbackHost } from "../gateway/net.js";
type OAuthPrompt = {
message: string;
@@ -44,6 +45,11 @@ async function waitForLocalCallback(params: {
throw new Error(`Chutes OAuth redirect URI must be http:// (got ${params.redirectUri})`);
}
const hostname = redirectUrl.hostname || "127.0.0.1";
if (!isLoopbackHost(hostname)) {
throw new Error(
`Chutes OAuth redirect hostname must be loopback (got ${hostname}). Use http://127.0.0.1:<port>/...`,
);
}
const port = redirectUrl.port ? Number.parseInt(redirectUrl.port, 10) : 80;
const expectedPath = redirectUrl.pathname || "/";