fix(gateway): support wildcard in controlUi.allowedOrigins for remote access (#31088)

* fix(gateway): support wildcard in controlUi.allowedOrigins for remote access

* build: regenerate host env security policy swift

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Frank Yang
2026-03-02 09:11:24 +08:00
committed by GitHub
parent 654f63e8f8
commit 1636f7ff5f
2 changed files with 13 additions and 4 deletions


@@ -36,6 +36,15 @@ describe("checkBrowserOrigin", () => {
expect(result.ok).toBe(true);
});
it("accepts wildcard allowedOrigins", () => {
const result = checkBrowserOrigin({
requestHost: "gateway.example.com:18789",
origin: "https://any-origin.example.com",
allowedOrigins: ["*"],
});
expect(result.ok).toBe(true);
});
it("rejects missing origin", () => {
const result = checkBrowserOrigin({
requestHost: "gateway.example.com:18789",
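Review bot: The added test pins only the permissive case; nothing in it checks that `*` is special solely as a whole allowlist entry. A companion case with `allowedOrigins: ["https://*.example.com"]` and `expect(result.ok).toBe(false)` would keep a later change from quietly turning such entries into pattern matches, assuming the rest of checkBrowserOrigin rejects a non-matching origin for this request host. The describe block opens before this hunk, and the following "rejects missing origin" test runs past its end.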


@@ -32,10 +32,10 @@ export function checkBrowserOrigin(params: {
return { ok: false, reason: "origin missing or invalid" };
}
const allowlist = (params.allowedOrigins ?? [])
.map((value) => value.trim().toLowerCase())
.filter(Boolean);
if (allowlist.includes(parsedOrigin.origin)) {
const allowlist = new Set(
(params.allowedOrigins ?? []).map((value) => value.trim().toLowerCase()).filter(Boolean),
);
if (allowlist.has("*") || allowlist.has(parsedOrigin.origin)) {
return { ok: true };
}
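Review bot: `allowlist.has("*")` on the new `if` line switches the Origin check off for every request that carries a parseable Origin, so it no longer protects against cross-site requests from pages the operator happens to visit; whatever authentication the gateway applies elsewhere (not visible in this hunk) becomes the only barrier. I would say so on the line, e.g. `// "*" disables Origin allowlisting entirely: any web page passes this check, so gateway auth must be enforced`, and consider logging a warning when the configured list contains `*`. It is also worth documenting that only a bare `*` entry is special and that values such as `https://*.example.com` are still compared literally. checkBrowserOrigin starts before this hunk and continues after it.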