docs: refresh gateway auth handshake refs

Peter Steinberger
2026-04-04 16:09:42 +01:00
parent 5012b52780
commit 8a6da9d488
5 changed files with 25 additions and 10 deletions

@@ -98,7 +98,10 @@ Open:
- Gateway auth is required by default (token, password, trusted-proxy, or Tailscale Serve identity headers when enabled).
- Non-loopback binds still **require** gateway auth. In practice that means token/password auth or an identity-aware reverse proxy with `gateway.auth.mode: "trusted-proxy"`.
- The wizard generates a gateway token by default (even on loopback).
- The UI sends `connect.params.auth.token` or `connect.params.auth.password`.
- In shared-secret mode, the UI sends `connect.params.auth.token` or
`connect.params.auth.password`.
- In identity-bearing modes such as Tailscale Serve or `trusted-proxy`, the
WebSocket auth check is satisfied from request headers instead.
- For non-loopback Control UI deployments, set `gateway.controlUi.allowedOrigins`
explicitly (full origins). Without it, gateway startup is refused by default.
- `gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true` enables
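
Review bot: The new bullet "In identity-bearing modes such as Tailscale Serve or `trusted-proxy`, the WebSocket auth check is satisfied from request headers instead" does not say which request headers are consulted, nor that they can only be trusted when the gateway is reachable solely through the identity-aware proxy. Sitting next to the non-loopback guidance, it could be read as meaning any header present on the request satisfies the check. Suggest naming the headers or linking to the section that defines them, and stating the precondition that they are set by the proxy. It would also help to say explicitly whether the UI omits `connect.params.auth.token` / `connect.params.auth.password` in these modes, since the shared-secret bullet above now implies that without saying so.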