fix(gateway): add HSTS header hardening and docs

Peter Steinberger
2026-02-23 19:47:09 +00:00
parent c88915b721
commit 9af3ec92a5
16 changed files with 275 additions and 2 deletions


@@ -417,6 +417,7 @@ export function createGatewayHttpServer(opts: {
openAiChatCompletionsEnabled: boolean;
openResponsesEnabled: boolean;
openResponsesConfig?: import("../config/types.gateway.js").GatewayHttpResponsesConfig;
strictTransportSecurityHeader?: string;
handleHooksRequest: HooksRequestHandler;
handlePluginRequest?: HooksRequestHandler;
resolvedAuth: ResolvedGatewayAuth;
@@ -433,6 +434,7 @@ export function createGatewayHttpServer(opts: {
openAiChatCompletionsEnabled,
openResponsesEnabled,
openResponsesConfig,
strictTransportSecurityHeader,
handleHooksRequest,
handlePluginRequest,
resolvedAuth,
@@ -447,7 +449,9 @@ export function createGatewayHttpServer(opts: {
});
async function handleRequest(req: IncomingMessage, res: ServerResponse) {
setDefaultSecurityHeaders(res);
setDefaultSecurityHeaders(res, {
strictTransportSecurity: strictTransportSecurityHeader,
});
// Don't interfere with WebSocket upgrades; ws handles the 'upgrade' event.
if (String(req.headers.upgrade ?? "").toLowerCase() === "websocket") {