docs: clarify trusted-host assumption for tokenless tailscale

Peter Steinberger
2026-02-21 12:52:45 +01:00
parent fbb79d4013
commit ede496fa1a
9 changed files with 18 additions and 6 deletions

@@ -33,6 +33,9 @@ daemon (`tailscale whois`) and matching it to the header before accepting it.
OpenClaw only treats a request as Serve when it arrives from loopback with
Tailscales `x-forwarded-for`, `x-forwarded-proto`, and `x-forwarded-host`
headers.
This tokenless flow assumes the gateway host is trusted. If untrusted local code
may run on the same host, disable `gateway.auth.allowTailscale` and require
token/password auth instead.
To require explicit credentials, set `gateway.auth.allowTailscale: false` or
force `gateway.auth.mode: "password"`.
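
Review bot: The new paragraph beginning "This tokenless flow assumes the gateway host is trusted" states the assumption without saying why local code matters, and it repeats the instruction in the sentence right after it. Consider tying it to the check described just above, for example by adding that Serve requests are recognised by arriving from loopback with the `x-forwarded-*` headers, so the check cannot distinguish Tailscale Serve from other processes on the same host. The paragraph says "disable `gateway.auth.allowTailscale`" and the next sentence says "set `gateway.auth.allowTailscale: false`"; merging the two would give the reader the setting once, with its value. The new text also offers "token/password auth" while the following sentence only names `gateway.auth.mode: "password"`, so it would help to name the token option the same way or drop it from the new wording.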