fix: seed gateway control UI origins from runtime bind

2026-05-06 11:20:43 +00:00 · 2026-04-26 01:33:20 +01:00
parent 81c2a1de26
commit 78cfd2a512
9 changed files with 182 additions and 3 deletions
--- a/docs/install/fly.md
+++ b/docs/install/fly.md
@@ -193,7 +193,14 @@ read_when:
      },
      "gateway": {
        "mode": "local",
-        "bind": "auto"
+        "bind": "auto",
+        "controlUi": {
+          "allowedOrigins": [
+            "https://my-openclaw.fly.dev",
+            "http://localhost:3000",
+            "http://127.0.0.1:3000"
+          ]
+        }
      },
      "meta": {}
    }
@@ -202,6 +209,12 @@ read_when:

    **Note:** With `OPENCLAW_STATE_DIR=/data`, the config path is `/data/openclaw.json`.

+    **Note:** Replace `https://my-openclaw.fly.dev` with your real Fly app
+    origin. Gateway startup seeds local Control UI origins from the runtime
+    `--bind` and `--port` values so first boot can proceed before config exists,
+    but browser access through Fly still needs the exact HTTPS origin listed in
+    `gateway.controlUi.allowedOrigins`.
+
    **Note:** The Discord token can come from either:

    - Environment variable: `DISCORD_BOT_TOKEN` (recommended for secrets)