vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden control ui framing + ws origin

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-03 16:00:57 -08:00
parent 0223416c61
commit 66d8117d44
11 changed files with 265 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
ui/src/ui/app-settings.ts
View File

@@ -51,6 +51,30 @@ type SettingsHost = {
pendingGatewayUrl?: string | null;
};
function isTopLevelWindow(): boolean {
try {
return window.top === window.self;
} catch {
return false;
}
}
function normalizeGatewayUrl(raw: string): string | null {
const trimmed = raw.trim();
if (!trimmed) {
return null;
}
try {
const parsed = new URL(trimmed);
if (parsed.protocol !== "ws:" && parsed.protocol !== "wss:") {
return null;
}
return trimmed;
} catch {
return null;
}
}
export function applySettings(host: SettingsHost, next: UiSettings) {
const normalized = {
...next,
@@ -118,8 +142,8 @@ export function applySettingsFromUrl(host: SettingsHost) {
}
if (gatewayUrlRaw != null) {
const gatewayUrl = gatewayUrlRaw.trim();
if (gatewayUrl && gatewayUrl !== host.settings.gatewayUrl) {
const gatewayUrl = normalizeGatewayUrl(gatewayUrlRaw);
if (gatewayUrl && gatewayUrl !== host.settings.gatewayUrl && isTopLevelWindow()) {
host.pendingGatewayUrl = gatewayUrl;
}
params.delete("gatewayUrl");