fix(gateway): align insecure-auth toggle messaging

Peter Steinberger
2026-02-21 12:55:18 +01:00
parent 810218756d
commit 99048dbec2
8 changed files with 35 additions and 17 deletions


@@ -349,9 +349,9 @@ function collectGatewayConfigFindings(
findings.push({
checkId: "gateway.control_ui.insecure_auth",
severity: "critical",
title: "Control UI allows insecure HTTP auth",
title: "Control UI insecure auth toggle enabled",
detail:
"gateway.controlUi.allowInsecureAuth=true is a legacy insecure-auth toggle; Control UI still enforces secure context and device identity unless dangerouslyDisableDeviceAuth is enabled.",
"gateway.controlUi.allowInsecureAuth=true does not bypass secure context or device identity checks; only dangerouslyDisableDeviceAuth disables Control UI device identity checks.",
remediation: "Disable it or switch to HTTPS (Tailscale Serve) or localhost.",
});
}
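Review bot: The finding keeps `severity: "critical"` and the remediation `"Disable it or switch to HTTPS (Tailscale Serve) or localhost."`, which no longer match the reworded detail (assuming the second line of each printed pair is the new side). The detail now says `allowInsecureAuth=true` does not bypass secure context or device identity checks, so an operator reading the audit output is told both that the setting is critical and that it relaxes nothing. If the toggle really has no remaining effect, the severity should drop to the level the audit uses for legacy settings and the remediation should read something like `remediation: "Set gateway.controlUi.allowInsecureAuth=false; it does not relax secure-context or device identity checks.",`. If it still weakens something, the detail should name what. The enclosing `collectGatewayConfigFindings` and the condition guarding this `findings.push` start outside the hunk, so whether `dangerouslyDisableDeviceAuth` is reported separately cannot be confirmed from here.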