mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 11:51:37 +00:00
feat(gateway): deprecate query param hook token auth for security (#2200)
* feat(gateway): deprecate query param hook token auth for security
Query parameter tokens appear in:
- Server access logs
- Browser history
- Referrer headers
- Network monitoring tools
This change adds a deprecation warning when tokens are provided via
query parameter, encouraging migration to header-based authentication
(Authorization: Bearer <token> or X-Clawdbot-Token header).
Changes:
- Modified extractHookToken to return { token, fromQuery } object
- Added deprecation warning in server-http.ts when fromQuery is true
- Updated tests to verify the new return type and fromQuery flag
Fixes #2148
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: deprecate hook query token auth (#2200) (thanks @YuriNachos)
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
This commit is contained in:
Yuri Chukhlib
@@ -6,6 +6,7 @@ Docs: https://docs.clawd.bot
|
||||
Status: unreleased.
|
||||
|
||||
### Changes
|
||||
- Gateway: warn on hook tokens via query params; document header auth preference. (#2200) Thanks @YuriNachos.
|
||||
- Doctor: warn on gateway exposure without auth. (#2016) Thanks @Alex-Alaniz.
|
||||
- Docs: add Vercel AI Gateway to providers sidebar. (#1901) Thanks @jerilynzheng.
|
||||
- Agents: expand cron tool description with full schema docs. (#1988) Thanks @tomascupr.
|
||||
|
||||
Reference in New Issue
Block a user