fix(gateway): harden canvas auth with session capabilities

Peter Steinberger
2026-02-19 15:50:42 +01:00
parent f76f98b268
commit c45f3c5b00
11 changed files with 353 additions and 126 deletions


@@ -120,8 +120,10 @@ export function injectCanvasLiveReload(html: string): string {
globalThis.openclawSendUserAction = sendUserAction;
try {
const cap = new URLSearchParams(location.search).get("oc_cap");
const proto = location.protocol === "https:" ? "wss" : "ws";
const ws = new WebSocket(proto + "://" + location.host + ${JSON.stringify(CANVAS_WS_PATH)});
const capQuery = cap ? "?oc_cap=" + encodeURIComponent(cap) : "";
const ws = new WebSocket(proto + "://" + location.host + ${JSON.stringify(CANVAS_WS_PATH)} + capQuery);
ws.onmessage = (ev) => {
if (String(ev.data || "") === "reload") location.reload();
};
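Review bot: The capability read from `oc_cap` on the first added line travels in the query string of both the page URL and the WebSocket URL built on the last added line, so it can end up in access logs, browser history and `Referer` headers sent for anything the canvas HTML loads or links to. Nothing in this hunk shows how the server treats that value, so it would help to confirm the token is short-lived and bound to the session, that `oc_cap` is redacted from gateway and proxy logs, and that canvas pages are served with `Referrer-Policy: no-referrer`. I would also add a comment above the read, for example `// oc_cap is a bearer capability carried in the URL; it must stay short-lived and be redacted from logs`. When `oc_cap` is absent the socket is still opened without a capability, so the server side has to reject that upgrade; the enclosing function and its template string start and end outside this hunk.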