github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-19 01:27:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: secure chrome extension relay cdp

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-01 02:25:14 -08:00
parent e4f7155369
commit a1e89afcc1
6 changed files with 129 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/gateway/security/index.md
View File

@@ -610,6 +610,7 @@ access those accounts and data. Treat browser profiles as **sensitive state**:
- Disable browser sync/password managers in the agent profile if possible (reduces blast radius).
- For remote gateways, assume “browser control” is equivalent to “operator access” to whatever that profile can reach.
- Keep the Gateway and node hosts tailnet-only; avoid exposing relay/control ports to LAN or public Internet.
- The Chrome extension relays CDP endpoint is auth-gated; only OpenClaw clients can connect.
- Disable browser proxy routing when you dont need it (`gateway.nodes.browser.mode="off"`).
- Chrome extension relay mode is **not** “safer”; it can take over your existing Chrome tabs. Assume it can act as you in whatever that tab/profile can reach.