vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-19 14:00:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(browser): prevent auto-token generation from overwriting trusted-proxy auth

Browse Source 
The browser control service was auto-generating a gateway.auth.token when
no token/password was detected, even when gateway.auth.mode was set to
'trusted-proxy'. This overwrote the trusted-proxy configuration and
switched the gateway back to token mode.

Fix: Skip auto-token generation when auth mode is 'trusted-proxy',
similar to how it already skips for 'password' mode.

This prevents the browser service from mangling the trusted-proxy config
during startup.
This commit is contained in:
Nick Taylor
2026-02-13 18:09:00 +00:00
committed by Peter Steinberger
parent befb4d59a8
commit 267ff35e57
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/browser/control-auth.ts
View File

@@ -58,6 +58,11 @@ export async function ensureBrowserControlAuth(params: {
return { auth };
}
// Respect explicit trusted-proxy mode (no token/password needed).
if (params.cfg.gateway?.auth?.mode === "trusted-proxy") {
return { auth };
}
// Re-read latest config to avoid racing with concurrent config writers.
const latestCfg = loadConfig();
const latestAuth = resolveBrowserControlAuth(latestCfg, env);
@@ -67,6 +72,9 @@ export async function ensureBrowserControlAuth(params: {
if (latestCfg.gateway?.auth?.mode === "password") {
return { auth: latestAuth };
}
if (latestCfg.gateway?.auth?.mode === "trusted-proxy") {
return { auth: latestAuth };
}
const generatedToken = crypto.randomBytes(24).toString("hex");
const nextCfg: OpenClawConfig = {