Conan Scott
d120db533a
Native iOS/macOS apps do not send an Origin header in WebSocket connections. The gateway checkBrowserOrigin() fails immediately on null origin before any allowedOrigins check can run. Injecting Origin at the HAProxy ingress level gives the gateway a valid origin to validate against the existing allowedOrigins list (https://openclaw.apps.lab.apilab.us). Related: openclaw/openclaw#24055, #35030, #35109
26 lines
493 B
YAML
26 lines
493 B
YAML
apiVersion: route.openshift.io/v1
|
|
kind: Route
|
|
metadata:
|
|
name: openclaw
|
|
namespace: openclaw
|
|
spec:
|
|
host: openclaw.apps.lab.apilab.us
|
|
httpHeaders:
|
|
actions:
|
|
request:
|
|
- name: Origin
|
|
action:
|
|
type: Set
|
|
set:
|
|
value: "https://openclaw.apps.lab.apilab.us"
|
|
to:
|
|
kind: Service
|
|
name: openclaw
|
|
weight: 100
|
|
port:
|
|
targetPort: http
|
|
tls:
|
|
termination: edge
|
|
insecureEdgeTerminationPolicy: Redirect
|
|
wildcardPolicy: None
|