vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-29 10:02:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(browser): remove verbatim upstream text from 429 error surface

Browse Source 
Stop reflecting provider-controlled response body into thrown errors
on HTTP 429. The upstream text was embedded in error messages that
reach logs and agent tool output, creating an avoidable log/output
injection surface for remote CDP/browser endpoints.

The stable BROWSER_RATE_LIMIT_MESSAGE already provides all the
actionable information the user needs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt Van Horn
2026-03-10 12:59:58 -07:00
committed by Altay
parent cda54bc778
commit 2c21381d0f
2 changed files with 6 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/browser/cdp.helpers.ts
View File

@@ -174,10 +174,9 @@ export async function fetchCdpChecked(
);
if (!res.ok) {
if (res.status === 429) {
const text = await res.text().catch(() => "");
const detail = text ? ` (${text.slice(0, 200)})` : "";
// Do not reflect upstream response text into the error surface (log/agent injection risk)
throw new Error(
`${BROWSER_RATE_LIMIT_MESSAGE}${detail} Do NOT retry - wait for the current session to complete, or upgrade your plan.`,
`${BROWSER_RATE_LIMIT_MESSAGE} Do NOT retry - wait for the current session to complete, or upgrade your plan.`,
);
}
throw new Error(`HTTP ${res.status}`);

15
src/browser/client-fetch.ts
View File

@@ -185,10 +185,8 @@ async function fetchHttpJson<T>(
if (!res.ok) {
const text = await res.text().catch(() => "");
if (isRateLimitStatus(res.status)) {
const detail = text ? ` (${text.slice(0, 200)})` : "";
throw new BrowserServiceError(
`${BROWSER_RATE_LIMIT_MESSAGE}${detail} ${BROWSER_TOOL_MODEL_HINT}`,
);
// Do not reflect upstream response text into the error surface (log/agent injection risk)
throw new BrowserServiceError(`${BROWSER_RATE_LIMIT_MESSAGE} ${BROWSER_TOOL_MODEL_HINT}`);
}
throw new BrowserServiceError(text || `HTTP ${res.status}`);
}
@@ -284,13 +282,8 @@ export async function fetchBrowserJson<T>(
if (result.status >= 400) {
if (isRateLimitStatus(result.status)) {
const detail =
result.body && typeof result.body === "object" && "error" in result.body
? ` (${String((result.body as { error?: unknown }).error).slice(0, 200)})`
: "";
throw new BrowserServiceError(
`${BROWSER_RATE_LIMIT_MESSAGE}${detail} ${BROWSER_TOOL_MODEL_HINT}`,
);
// Do not reflect upstream response text into the error surface (log/agent injection risk)
throw new BrowserServiceError(`${BROWSER_RATE_LIMIT_MESSAGE} ${BROWSER_TOOL_MODEL_HINT}`);
}
const message =
result.body && typeof result.body === "object" && "error" in result.body