fix(security): harden sandbox novnc observer flow

Agent
2026-03-01 22:44:15 +00:00
parent 4ab13eca4d
commit 002539c01e
10 changed files with 128 additions and 32 deletions

@@ -504,7 +504,7 @@ Notes:
- No full desktop environment (GNOME) is needed; Xvfb provides the display.
- Browser containers default to a dedicated Docker network (`openclaw-sandbox-browser`) instead of global `bridge`.
- Optional `agents.defaults.sandbox.browser.cdpSourceRange` restricts container-edge CDP ingress by CIDR (for example `172.21.0.1/32`).
- noVNC observer access is password-protected by default; OpenClaw provides a short-lived observer token URL instead of sharing the raw password in the URL.
- noVNC observer access is password-protected by default; OpenClaw provides a short-lived observer token URL that serves a local bootstrap page and keeps the password in URL fragment (instead of URL query).
Use config:
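Review bot: The replacement noVNC bullet says the password is kept "in URL fragment (instead of URL query)" without saying what that changes or what stays exposed. Suggest stating that a fragment is not sent to the server in the HTTP request, so it stays out of access logs and Referer headers, while it remains readable by script on the local bootstrap page and can persist in browser history. The wording also needs articles: "in the URL fragment (instead of the URL query)". The bullet still says "short-lived" with no lifetime and no statement on whether the observer token is single-use; if either is configurable, it belongs here, directly ahead of "Use config:".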