fix(firecrawl): block unsafe scrape targets

Peter Steinberger
2026-05-02 07:24:34 +01:00
parent cdd8e81075
commit 189ab9f5d1
4 changed files with 82 additions and 1 deletions

@@ -86,6 +86,7 @@ Notes:
- `maxAgeMs` controls how old cached results can be (ms). Default is 2 days.
- Legacy `tools.web.fetch.firecrawl.*` config is auto-migrated by `openclaw doctor --fix`.
- Firecrawl scrape/base URL overrides follow the same hosted/private rule as search: public hosted traffic uses `https://api.firecrawl.dev`; self-hosted overrides must resolve to private/internal endpoints.
- `firecrawl_scrape` rejects obvious private, loopback, metadata, and non-HTTP(S) target URLs before forwarding them to Firecrawl, matching the `web_fetch` target-safety contract for explicit Firecrawl scrape calls.
`firecrawl_scrape` reuses the same `plugins.entries.firecrawl.config.webFetch.*` settings and env vars.
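
Review bot: The new `firecrawl_scrape` bullet says it rejects "obvious" unsafe targets but never defines what the check covers, so a reader cannot tell how far to rely on it. Please state whether the check inspects only the literal URL (scheme and host string) or also resolves hostnames before deciding, and note that it runs "before forwarding them to Firecrawl", so it does not by itself describe what happens to redirects followed on the Firecrawl side. It would also help to separate this bullet more clearly from the preceding one: that bullet requires self-hosted base URL overrides to resolve to private/internal endpoints, while this one rejects private scrape targets, and the two adjacent rules are easy to misread as contradictory unless "base URL" and "target URL" are contrasted explicitly.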