fix(msteams): allow Bearer-token retry on Skype CDN attachment downloads

Teams puts inline DM images and clipboard-pasted images on
*.asm.skype.com URLs (e.g. us-api.asm.skype.com/v1/objects/<id>/views/imgo).
The download path in attachments/download.ts already does a plain GET first
and falls back to a Bearer-token retry on 401/403 — but the retry was gated
on the URL being in DEFAULT_MEDIA_AUTH_HOST_ALLOWLIST. asm.skype.com hosts
were in DEFAULT_MEDIA_HOST_ALLOWLIST (download permitted) but not in the
auth-host list, so a 401 plain-GET response skipped the retry and surfaced
as a missing image to the agent.

Add asm.skype.com and ams.skype.com to the auth allowlist so openclaw
attempts the Bearer-token retry consistently, matching how it treats the
other CDN/Bot-Framework hosts already in the list.

Note: this does not unblock all clipboard-pasted DM images — for at least
some tenants asm.skype.com rejects the Bot Framework token (returns 401
even with auth). Routing those URLs through <serviceUrl>/v3/attachments/...
the way #62219 already handles HTML-wrapped attachments is a separate
follow-up. The +button 'Upload from this device' path works today because
Teams generates an attachment with an HTML wrapper that triggers the
existing BF v3 attachments fallback in monitor-handler/inbound-media.ts.
heyitsaamir
2026-05-05 20:56:13 +00:00
parent 007001a596
commit dfc169d31d

@@ -71,8 +71,16 @@ const DEFAULT_MEDIA_AUTH_HOST_ALLOWLIST = [
"api.botframework.com",
"botframework.com",
// Bot Framework Service URL (smba.trafficmanager.net) used for outbound
// replies and inbound attachment downloads (clipboard-pasted images).
// replies and the BF v3 attachments proxy.
"smba.trafficmanager.net",
// Skype/ASM CDN — Teams puts clipboard-pasted images and inline DM images
// directly on `*.asm.skype.com` URLs (e.g. `us-api.asm.skype.com/v1/objects/.../views/imgo`).
// The endpoint requires auth and accepts Bot Framework tokens for bot
// conversation attachments. Without these hosts in the auth-allowlist,
// openclaw's auth-fallback skips the retry and the plain GET 401 surfaces
// as a missing image to the agent.
"asm.skype.com",
"ams.skype.com",
"graph.microsoft.com",
"graph.microsoft.us",
"graph.microsoft.de",
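
Review bot: The new comment above "asm.skype.com" states that the endpoint "accepts Bot Framework tokens for bot conversation attachments", while the commit message says that for at least some tenants asm.skype.com returns 401 even with auth; reword the comment to say the Bearer retry is attempted and may still be rejected, so a later reader does not treat the token as known to work there. Every entry in DEFAULT_MEDIA_AUTH_HOST_ALLOWLIST is a host the bot's Bearer token can be sent to, so two things should be settled before merging. The message only cites *.asm.skype.com URLs, so please justify "ams.skype.com" in the comment or drop it. The matching code is not visible in this hunk, so please also confirm that entries match only the exact name or a subdomain on a dot boundary, and that the allowlist is re-checked if the download follows a redirect. A test that covers a 401 from an asm.skype.com URL followed by the authenticated retry would pin the intended behaviour.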