fix: seed gateway control UI origins from runtime bind

Peter Steinberger
2026-04-26 01:33:20 +01:00
parent 81c2a1de26
commit 78cfd2a512
9 changed files with 182 additions and 3 deletions

@@ -437,6 +437,9 @@ Notes:
- `gatewayUrl` is only accepted in a top-level window (not embedded) to prevent clickjacking.
- Non-loopback Control UI deployments must set `gateway.controlUi.allowedOrigins`
explicitly (full origins). This includes remote dev setups.
- Gateway startup may seed local origins such as `http://localhost:<port>` and
`http://127.0.0.1:<port>` from the effective runtime bind and port, but remote
browser origins still need explicit entries.
- Do not use `gateway.controlUi.allowedOrigins: ["*"]` except for tightly controlled
local testing. It means allow any browser origin, not “match whatever host I am
using.”
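
Review bot: The added bullet on seeded origins ("Gateway startup may seed local origins ...") leaves the trigger and the persistence unspecified. "May" does not say under which bind modes seeding happens, whether it applies when `gateway.controlUi.allowedOrigins` is already set, or whether the seeded entries are written back to the config or held only for the running process. Because the bullet directly above says non-loopback deployments must set the list explicitly, a reader can take the two as contradictory; suggest stating the condition and, if that is the behaviour, that seeding never replaces an operator-supplied list. It would also help to say whether only `http://` origins on `localhost` and `127.0.0.1` are seeded, so operators who reach the UI over TLS or an IPv6 loopback address know to add those entries themselves.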