cscott/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(route): inject Origin header for native app canvas WebSocket auth

Browse Source 
Native iOS/macOS apps do not send an Origin header in WebSocket connections.
The gateway checkBrowserOrigin() fails immediately on null origin before any
allowedOrigins check can run. Injecting Origin at the HAProxy ingress level
gives the gateway a valid origin to validate against the existing allowedOrigins
list (https://openclaw.apps.lab.apilab.us).

Related: openclaw/openclaw#24055, #35030, #35109
This commit is contained in:
Conan Scott
2026-03-13 07:22:42 +00:00
parent 514f78a118
commit d120db533a
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
manifests/route.yaml
View File

@@ -5,6 +5,14 @@ metadata:
namespace: openclaw namespace: openclaw
spec: spec:
host: openclaw.apps.lab.apilab.us host: openclaw.apps.lab.apilab.us
httpHeaders:
actions:
request:
- name: Origin
action:
type: Set
set:
value: "https://openclaw.apps.lab.apilab.us"
to: to:
kind: Service kind: Service
name: openclaw name: openclaw