docs: refresh control ui device identity refs

Peter Steinberger 2026-04-04 13:52:19 +01:00
parent a6707c2e1f
commit 11d17b3c38
No known key found for this signature in database
3 changed files with 20 additions and 0 deletions


@ -300,6 +300,7 @@ The Gateway treats these as **claims** and enforces server-side allowlists.
- All WS clients must include `device` identity during `connect` (operator + node).
Control UI can omit it only in these modes:
- `gateway.controlUi.allowInsecureAuth=true` for localhost-only insecure HTTP compatibility.
- successful `gateway.auth.mode: "trusted-proxy"` operator Control UI auth.
- `gateway.controlUi.dangerouslyDisableDeviceAuth=true` (break-glass, severe security downgrade).
- All connections must sign the server-provided `connect.challenge` nonce.
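
Review bot: The new trusted-proxy bullet in the "Control UI can omit it only in these modes" list relies on the single word "operator" to carry the role restriction, while the parent bullet names both roles ("operator + node"). Suggest spelling it out here as the other two files do, for example by appending "this does not extend to node-role Control UI sessions". The following line, "All connections must sign the server-provided `connect.challenge` nonce", also reads as unconditional next to a list of sessions admitted without device identity; it would help to state whether the nonce signature is still required in those three modes.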


@ -359,6 +359,11 @@ For break-glass scenarios only, `gateway.controlUi.dangerouslyDisableDeviceAuth`
disables device identity checks entirely. This is a severe security downgrade;
keep it off unless you are actively debugging and can revert quickly.
Separate from those dangerous flags, successful `gateway.auth.mode: "trusted-proxy"`
can admit **operator** Control UI sessions without device identity. That is an
intentional auth-mode behavior, not an `allowInsecureAuth` shortcut, and it still
does not extend to node-role Control UI sessions.
`openclaw security audit` warns when this setting is enabled.
## Insecure or dangerous flags summary
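
Review bot: The sentence "`openclaw security audit` warns when this setting is enabled." now comes directly after the new trusted-proxy paragraph, so "this setting" appears to refer to `gateway.auth.mode: "trusted-proxy"` rather than to `gateway.controlUi.dangerouslyDisableDeviceAuth`. Suggest either placing the new paragraph after the audit sentence or naming the flag in that sentence. The phrase "Separate from those dangerous flags" also assumes the reader knows which flags are meant; naming `allowInsecureAuth` and `dangerouslyDisableDeviceAuth` would make the paragraph readable on its own.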


@ -164,6 +164,12 @@ If you open the dashboard over plain HTTP (`http://<lan-ip>` or `http://<tailsca
the browser runs in a **non-secure context** and blocks WebCrypto. By default,
OpenClaw **blocks** Control UI connections without device identity.
Documented exceptions:
- localhost-only insecure HTTP compatibility with `gateway.controlUi.allowInsecureAuth=true`
- successful operator Control UI auth through `gateway.auth.mode: "trusted-proxy"`
- break-glass `gateway.controlUi.dangerouslyDisableDeviceAuth=true`
**Recommended fix:** use HTTPS (Tailscale Serve) or open the UI locally:
- `https://<magicdns>/` (Serve)
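
Review bot: In the new "Documented exceptions" list, the `gateway.controlUi.dangerouslyDisableDeviceAuth=true` item is labelled only "break-glass" and sits on equal footing with the other two, ahead of the "Recommended fix". The protocol doc in this same commit tags that flag "(break-glass, severe security downgrade)"; suggest carrying the same wording here, and consider moving the list below the recommended fix so a reader troubleshooting a plain-HTTP dashboard sees the HTTPS option before the ways around the check.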
@ -203,6 +209,14 @@ OpenClaw **blocks** Control UI connections without device identity.
`dangerouslyDisableDeviceAuth` disables Control UI device identity checks and is a
severe security downgrade. Revert quickly after emergency use.
Trusted-proxy note:
- successful trusted-proxy auth can admit **operator** Control UI sessions without
device identity
- this does **not** extend to node-role Control UI sessions
- same-host loopback reverse proxies still do not satisfy trusted-proxy auth; see
[Trusted Proxy Auth](/gateway/trusted-proxy-auth)
See [Tailscale](/gateway/tailscale) for HTTPS setup guidance.
## Building the UI
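
Review bot: The third bullet of the trusted-proxy note ("same-host loopback reverse proxies still do not satisfy trusted-proxy auth") is the only place in this patch where that restriction appears; the matching paragraphs added to the other two files omit it. Suggest adding the same caveat, or at least the [Trusted Proxy Auth](/gateway/trusted-proxy-auth) link, to those passages so the three descriptions of the exception stay consistent. Within this note the link would also be better placed on the "Trusted-proxy note:" line, since it applies to all three bullets and not only the last one.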