fix(gateway): add HSTS header hardening and docs

Peter Steinberger
2026-02-23 19:47:09 +00:00
parent c88915b721
commit 9af3ec92a5
16 changed files with 275 additions and 2 deletions


@@ -25,6 +25,7 @@ export type GatewayRuntimeConfig = {
openAiChatCompletionsEnabled: boolean;
openResponsesEnabled: boolean;
openResponsesConfig?: import("../config/types.gateway.js").GatewayHttpResponsesConfig;
strictTransportSecurityHeader?: string;
controlUiBasePath: string;
controlUiRoot?: string;
resolvedAuth: ResolvedGatewayAuth;
@@ -78,6 +79,15 @@ export async function resolveGatewayRuntimeConfig(params: {
false;
const openResponsesConfig = params.cfg.gateway?.http?.endpoints?.responses;
const openResponsesEnabled = params.openResponsesEnabled ?? openResponsesConfig?.enabled ?? false;
const strictTransportSecurityConfig =
params.cfg.gateway?.http?.securityHeaders?.strictTransportSecurity;
const strictTransportSecurityHeader =
strictTransportSecurityConfig === false
? undefined
: typeof strictTransportSecurityConfig === "string" &&
strictTransportSecurityConfig.trim().length > 0
? strictTransportSecurityConfig.trim()
: undefined;
const controlUiBasePath = normalizeControlUiBasePath(params.cfg.gateway?.controlUi?.basePath);
const controlUiRootRaw = params.cfg.gateway?.controlUi?.root;
const controlUiRoot =
@@ -147,6 +157,7 @@ export async function resolveGatewayRuntimeConfig(params: {
openResponsesConfig: openResponsesConfig
? { ...openResponsesConfig, enabled: openResponsesEnabled }
: undefined,
strictTransportSecurityHeader,
controlUiBasePath,
controlUiRoot,
resolvedAuth,
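Review bot: In the second hunk, `strictTransportSecurityHeader` is accepted after only a `trim()` and a non-empty check, so a string with no `max-age` directive is passed through unchanged as the header value. Browsers ignore a Strict-Transport-Security header they cannot parse, so a typo in config silently leaves HSTS off while the operator believes it is on. A value containing CR or LF would presumably only fail when the header is written, not at config load. I would validate here and reject or warn at startup, e.g. `if (/[\r\n]/.test(value) || !/(^|;)\s*max-age=\d+/i.test(value)) throw new Error("gateway.http.securityHeaders.strictTransportSecurity must include max-age=<seconds>");`. The body of `resolveGatewayRuntimeConfig` continues outside these hunks, and schema validation may already exist in one of the changed files not shown here.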