openclaw

cscott/openclaw

Fork 0

Commit Graph

Author	SHA1	Message	Date
Conan Scott	d120db533a	fix(route): inject Origin header for native app canvas WebSocket auth Native iOS/macOS apps do not send an Origin header in WebSocket connections. The gateway checkBrowserOrigin() fails immediately on null origin before any allowedOrigins check can run. Injecting Origin at the HAProxy ingress level gives the gateway a valid origin to validate against the existing allowedOrigins list (https://openclaw.apps.lab.apilab.us). Related: openclaw/openclaw#24055, #35030, #35109	2026-03-13 07:22:42 +00:00
Clawdbot	46bf054e0b	Initial OpenClaw GitOps skeleton	2026-01-30 10:18:11 +00:00

Author

SHA1

Message

Date

Conan Scott

d120db533a

fix(route): inject Origin header for native app canvas WebSocket auth

Native iOS/macOS apps do not send an Origin header in WebSocket connections.
The gateway checkBrowserOrigin() fails immediately on null origin before any
allowedOrigins check can run. Injecting Origin at the HAProxy ingress level
gives the gateway a valid origin to validate against the existing allowedOrigins
list (https://openclaw.apps.lab.apilab.us).

Related: openclaw/openclaw#24055, #35030, #35109

2026-03-13 07:22:42 +00:00

Clawdbot

46bf054e0b

Initial OpenClaw GitOps skeleton

2026-01-30 10:18:11 +00:00

2 Commits