fix: seed gateway control UI origins from runtime bind

2026-05-06 08:00:42 +00:00 · 2026-04-26 01:33:20 +01:00
parent 81c2a1de26
commit 78cfd2a512
9 changed files with 182 additions and 3 deletions
--- a/docs/gateway/index.md
+++ b/docs/gateway/index.md
@@ -112,6 +112,12 @@ All of these run on the main Gateway port and use the same trusted operator auth
 | Gateway port | `--port` → `OPENCLAW_GATEWAY_PORT` → `gateway.port` → `18789` |
 | Bind mode    | CLI/override → `gateway.bind` → `loopback`                    |

+Gateway startup uses the same effective port and bind when it seeds local
+Control UI origins for non-loopback binds. For example, `--bind lan --port 3000`
+seeds `http://localhost:3000` and `http://127.0.0.1:3000` before runtime
+validation runs. Add any remote browser origins, such as HTTPS proxy URLs, to
+`gateway.controlUi.allowedOrigins` explicitly.
+
 ### Hot reload modes

 | `gateway.reload.mode` | Behavior                                   |
--- a/docs/install/fly.md
+++ b/docs/install/fly.md
@@ -193,7 +193,14 @@ read_when:
      },
      "gateway": {
        "mode": "local",
-        "bind": "auto"
+        "bind": "auto",
+        "controlUi": {
+          "allowedOrigins": [
+            "https://my-openclaw.fly.dev",
+            "http://localhost:3000",
+            "http://127.0.0.1:3000"
+          ]
+        }
      },
      "meta": {}
    }
@@ -202,6 +209,12 @@ read_when:

    **Note:** With `OPENCLAW_STATE_DIR=/data`, the config path is `/data/openclaw.json`.

+    **Note:** Replace `https://my-openclaw.fly.dev` with your real Fly app
+    origin. Gateway startup seeds local Control UI origins from the runtime
+    `--bind` and `--port` values so first boot can proceed before config exists,
+    but browser access through Fly still needs the exact HTTPS origin listed in
+    `gateway.controlUi.allowedOrigins`.
+
    **Note:** The Discord token can come from either:

    - Environment variable: `DISCORD_BOT_TOKEN` (recommended for secrets)
--- a/docs/web/control-ui.md
+++ b/docs/web/control-ui.md
@@ -437,6 +437,9 @@ Notes:
 - `gatewayUrl` is only accepted in a top-level window (not embedded) to prevent clickjacking.
 - Non-loopback Control UI deployments must set `gateway.controlUi.allowedOrigins`
  explicitly (full origins). This includes remote dev setups.
+- Gateway startup may seed local origins such as `http://localhost:<port>` and
+  `http://127.0.0.1:<port>` from the effective runtime bind and port, but remote
+  browser origins still need explicit entries.
 - Do not use `gateway.controlUi.allowedOrigins: ["*"]` except for tightly controlled
  local testing. It means allow any browser origin, not “match whatever host I am
  using.”