github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-30 13:44:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
904016b7de43ec490eb53ec3d91295f5a5192263
openclaw/src
History
lbo728 904016b7de fix(origin-check): honour "*" wildcard in gateway.controlUi.allowedOrigins 
When gateway.controlUi.allowedOrigins is set to ["*"], the Control UI
WebSocket was still rejected with "origin not allowed" for any non-
loopback origin (e.g. Tailscale IPs, LAN addresses).

Root cause: checkBrowserOrigin() compared each allowedOrigins entry
against the parsed request origin via a literal Array#includes(). The
entry "*" never equals an actual origin string, so the wildcard was
silently ignored and all remote connections were blocked.

Fix: check for the literal "*" entry before the per-origin comparison
and return ok:true immediately when found.

Closes #30990
2026-03-02 03:30:20 +00:00
..
acp
ACP: carry dedupe/projector updates onto configurable acpx branch
2026-03-01 20:39:24 +01:00
agents
fix(models): land #31202 normalize custom provider keys (@stakeswky)
2026-03-02 03:11:55 +00:00
auto-reply
fix(auto-reply): normalize block-reply callback to Promise for timeout path (#31200)
2026-03-01 19:23:38 -08:00
browser
test(browser): fix windows download tmp path assertions
2026-03-02 01:32:28 +00:00
canvas-host
channels
fix(telegram): scope DM topic thread keys by chat id (#31064)
2026-03-02 02:54:45 +00:00
cli
fix(cli): preserve json stdout while keeping doctor migration (#24368) (thanks @altaywtf)
2026-03-02 03:10:02 +00:00
commands
fix(doctor): use posix path semantics for linux sd detection
2026-03-02 01:48:14 +00:00
compat
config
docs(discord): standardize eventQueue timeout guidance
2026-03-02 02:22:59 +00:00
cron
feat: lightweight bootstrap context mode for heartbeat/cron runs (openclaw#26064) thanks @jose-velez
2026-03-01 20:13:24 -06:00
daemon
Node install: persist gateway token in service env (#31122)
2026-03-01 17:35:24 -08:00
discord
fix: normalize Discord wildcard sentinel parsing (#29459) (thanks @Sid-Qin)
2026-03-02 03:08:32 +00:00
docs
gateway
fix(origin-check): honour "*" wildcard in gateway.controlUi.allowedOrigins
2026-03-02 03:30:20 +00:00
hooks
refactor: unify boundary hardening for file reads
2026-02-26 13:04:37 +01:00
imessage
refactor(security): enforce account-scoped pairing APIs
2026-02-26 21:57:52 +01:00
infra
refactor: simplify telegram delivery and outbound session resolver flow
2026-03-02 03:09:40 +00:00
line
fix(line): land #31151 M4A voice MIME detection (@scoootscooob)
2026-03-02 02:26:41 +00:00
link-understanding
logging
refactor(diagnostics): hot-reload stuck warning threshold
2026-03-02 00:32:33 +00:00
markdown
fix(markdown): require paired || delimiters for spoiler detection (#26105)
2026-02-25 04:54:51 +00:00
media
fix: harden sandbox media reads against TOCTOU escapes
2026-03-02 01:04:01 +00:00
media-understanding
fix(security): lock sandbox tmp media paths to openclaw roots
2026-02-24 23:10:19 +00:00
memory
fix(memory): discard stdout for qmd update/embed to prevent output cap failure (openclaw#28900) thanks @Glucksberg
2026-03-01 12:16:50 -06:00
node-host
refactor!: remove versioned system-run approval contract
2026-03-02 01:12:53 +00:00
pairing
refactor(channels): unify dm pairing policy flows
2026-02-26 22:36:20 +01:00
plugin-sdk
fix(slack): scope download-file to channel and thread context
2026-03-02 02:23:22 +00:00
plugins
security(feishu): bind doc create grants to trusted requester context (#31184)
2026-03-01 20:51:45 -06:00
process
fix(windows): land #31147 plugin install spawn EINVAL (@codertony)
2026-03-02 02:23:53 +00:00
providers
Config: expand Kilo catalog and persist selected Kilo models (#24921)
2026-02-23 21:17:37 -05:00
routing
fix(routing): treat group/channel peer.kind as equivalent (land #31135 by @Sid-Qin)
2026-03-02 01:47:02 +00:00
scripts
secrets
test: harden flaky timeout and resolver specs
2026-03-01 21:30:07 +00:00
security
security(feishu): bind doc create grants to trusted requester context (#31184)
2026-03-01 20:51:45 -06:00
sessions
TUI: sync /model status immediately
2026-02-28 14:02:56 -08:00
shared
Web UI: strip relevant-memories scaffolding
2026-02-28 13:20:50 -08:00
signal
fix(signal): land #31138 syncMessage presence filtering (@Sid-Qin)
2026-03-02 03:28:25 +00:00
slack
fix(slack): scope download-file to channel and thread context
2026-03-02 02:23:22 +00:00
telegram
refactor: simplify telegram delivery and outbound session resolver flow
2026-03-02 03:09:40 +00:00
terminal
fix(cli): preserve json stdout while keeping doctor migration (#24368) (thanks @altaywtf)
2026-03-02 03:10:02 +00:00
test-helpers
test-utils
diffs plugin
2026-02-28 18:38:00 -05:00
tts
fix(tts): use opus format and enable voice bubbles for feishu and whatsapp (#27366)
2026-02-27 23:41:22 -06:00
tui
TUI: guard SIGTERM shutdown against setRawMode EBADF
2026-02-28 14:56:01 -08:00
types
utils
fix(agents): add forward-compat fallback for google-gemini-cli gemini-3.1-pro/flash-preview (#26570)
2026-02-26 18:39:13 -05:00
web
refactor(security): enforce account-scoped pairing APIs
2026-02-26 21:57:52 +01:00
whatsapp
wizard
refactor(gateway): dedupe origin seeding and plugin route auth matching
2026-03-02 00:42:22 +00:00
channel-web.ts
docker-image-digests.test.ts
docker-setup.test.ts
fix(docker): ensure agent directory permissions in docker-setup.sh (#28841)
2026-03-01 18:07:34 -08:00
dockerfile.test.ts
fix(docker): harden /app/extensions permissions to 755 (#30191)
2026-03-01 15:45:21 -08:00
entry.ts
CLI: add root --help fast path and lazy channel option resolution (#30975)
2026-03-01 14:23:46 -08:00
extensionAPI.ts
globals.ts
index.ts
logger.test.ts
logger.ts
logging.ts
polls.test.ts
polls.ts
runtime.ts
utils.test.ts
utils.ts
version.test.ts
version.ts