github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-19 04:07:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden OpenResponses URL input fetching

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-13 01:38:15 +01:00
parent 4199f9889f
commit 99f28031e5
13 changed files with 431 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docs/gateway/openresponses-http-api.md
View File

@@ -186,7 +186,11 @@ URL fetch defaults:
- `files.allowUrl`: `true`
- `images.allowUrl`: `true`
- `maxUrlParts`: `8` (total URL-based `input_file` + `input_image` parts per request)
- Requests are guarded (DNS resolution, private IP blocking, redirect caps, timeouts).
- Optional hostname allowlists are supported per input type (`files.urlAllowlist`, `images.urlAllowlist`).
- Exact host: `"cdn.example.com"`
- Wildcard subdomains: `"*.assets.example.com"` (does not match apex)
## File + image limits (config)
@@ -200,8 +204,10 @@ Defaults can be tuned under `gateway.http.endpoints.responses`:
responses: {
enabled: true,
maxBodyBytes: 20000000,
maxUrlParts: 8,
files: {
allowUrl: true,
urlAllowlist: ["cdn.example.com", "*.assets.example.com"],
allowedMimes: [
"text/plain",
"text/markdown",
@@ -222,6 +228,7 @@ Defaults can be tuned under `gateway.http.endpoints.responses`:
},
images: {
allowUrl: true,
urlAllowlist: ["images.example.com"],
allowedMimes: ["image/jpeg", "image/png", "image/gif", "image/webp"],
maxBytes: 10485760,
maxRedirects: 3,
@@ -237,6 +244,7 @@ Defaults can be tuned under `gateway.http.endpoints.responses`:
Defaults when omitted:
- `maxBodyBytes`: 20MB
- `maxUrlParts`: 8
- `files.maxBytes`: 5MB
- `files.maxChars`: 200k
- `files.maxRedirects`: 3
@@ -248,6 +256,13 @@ Defaults when omitted:
- `images.maxRedirects`: 3
- `images.timeoutMs`: 10s
Security note:
- URL allowlists are enforced before fetch and on redirect hops.
- Allowlisting a hostname does not bypass private/internal IP blocking.
- For internet-exposed gateways, apply network egress controls in addition to app-level guards.
See [Security](/gateway/security).
## Streaming (SSE)
Set `stream: true` to receive Server-Sent Events (SSE):