nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/docs/gateway
History
Alberto Leal 449511484d
fix(gateway): allow ws:// to private network addresses (#28670) 
* fix(gateway): allow ws:// to RFC 1918 private network addresses

resolve ws-private-network conflicts

* gateway: keep ws security strict-by-default with private opt-in

* gateway: apply private ws opt-in in connection detail guard

* gateway: apply private ws opt-in in websocket client

* onboarding: gate private ws urls behind explicit opt-in

* gateway tests: enforce strict ws defaults with private opt-in

* onboarding tests: validate private ws opt-in behavior

* gateway client tests: cover private ws env override

* gateway call tests: cover private ws env override

* changelog: add ws strict-default security entry for pr 28670

* docs(onboard): document private ws break-glass env

* docs(gateway): add private ws env to remote guide

* docs(docker): add private ws break-glass env var

* docs(security): add private ws break-glass guidance

* docs(config): document OPENCLAW_ALLOW_PRIVATE_WS

* Update CHANGELOG.md

* gateway: normalize private-ws host classification

* test(gateway): cover non-unicast ipv6 private-ws edges

* changelog: rename insecure private ws break-glass env

* docs(onboard): rename insecure private ws env

* docs(gateway): rename insecure private ws env in config reference

* docs(gateway): rename insecure private ws env in remote guide

* docs(security): rename insecure private ws env

* docs(docker): rename insecure private ws env

* test(onboard): rename insecure private ws env

* onboard: rename insecure private ws env

* test(gateway): rename insecure private ws env in call tests

* gateway: rename insecure private ws env in call flow

* test(gateway): rename insecure private ws env in client tests

* gateway: rename insecure private ws env in client

* docker: pass insecure private ws env to services

* docker-setup: persist insecure private ws env

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 		2026-03-01 20:49:45 -08:00
..
security fix(gateway): allow ws:// to private network addresses (#28670) 2026-03-01 20:49:45 -08:00
authentication.md docs(secrets): align provider model and add exec resolver coverage 2026-02-26 14:47:22 +00:00
background-process.md Exec/ACP: inject OPENCLAW_SHELL into child shell env (#31271) 2026-03-01 20:31:06 -08:00
bonjour.md fix(security): require explicit trust for first-time TLS pins 2026-02-14 17:55:20 +01:00
bridge-protocol.md fix(security): harden discovery routing and TLS pins 2026-02-14 17:18:14 +01:00
cli-backends.md chore: apply local workspace updates (#9911) 2026-02-05 16:54:44 -05:00
configuration-examples.md docs: fix wrong Providers link in configuration examples 2026-02-26 02:41:07 -06:00
configuration-reference.md fix(gateway): allow ws:// to private network addresses (#28670) 2026-03-01 20:49:45 -08:00
configuration.md Discord: thread bindings idle + max-age lifecycle (#27845) (thanks @osolmaz) 2026-02-27 10:02:39 +01:00
discovery.md fix(security): require explicit trust for first-time TLS pins 2026-02-14 17:55:20 +01:00
doctor.md Doctor: warn when Linux state dir is on SD/eMMC mounts (#31033) 2026-03-01 16:36:01 -08:00
gateway-lock.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
health.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
heartbeat.md docs(heartbeat): add directPolicy to config examples 2026-02-26 03:59:38 +01:00
index.md docs(secrets): add dedicated apply plan contract page 2026-02-26 14:47:22 +00:00
local-models.md Docs: enable markdownlint autofixables except list numbering (#10476) 2026-02-06 10:08:59 -05:00
logging.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
multiple-gateways.md docs(security): clarify canvas host exposure and auth 2026-02-14 14:57:19 +01:00
network-model.md fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
openai-http-api.md fix(gateway): enforce owner boundary for agent runs 2026-03-02 00:27:44 +00:00
openresponses-http-api.md fix(gateway): enforce owner boundary for agent runs 2026-03-02 00:27:44 +00:00
pairing.md Docs: add nav titles across docs (#5689) 2026-01-31 15:04:03 -06:00
protocol.md refactor!: remove versioned system-run approval contract 2026-03-02 01:12:53 +00:00
remote-gateway-readme.md refactor: replace bot.molt identifiers with ai.openclaw 2026-02-25 05:03:24 +00:00
remote.md fix(gateway): allow ws:// to private network addresses (#28670) 2026-03-01 20:49:45 -08:00
sandbox-vs-tool-policy-vs-elevated.md chore: Run `pnpm format:fix`. 2026-01-31 21:13:13 +09:00
sandboxing.md fix(security): harden sandbox novnc observer flow 2026-03-01 22:44:28 +00:00
secrets-plan-contract.md docs(secrets): add dedicated apply plan contract page 2026-02-26 14:47:22 +00:00
secrets.md docs(secrets): add dedicated apply plan contract page 2026-02-26 14:47:22 +00:00
tailscale.md fix(gateway): scope tailscale tokenless auth to websocket 2026-02-21 13:03:13 +01:00
tools-invoke-http-api.md fix: classify /tools/invoke errors and sanitize 500s (#13185) (thanks @davidrudduck) 2026-02-13 16:58:30 +01:00
troubleshooting.md docs: clarify Anthropic context1m long-context requirements 2026-03-01 22:35:26 +00:00
trusted-proxy-auth.md docs: refresh CLI and trusted-proxy docs 2026-02-25 02:40:12 +00:00