Conan Scott
d120db533a
Native iOS/macOS apps do not send an Origin header in WebSocket connections. The gateway checkBrowserOrigin() fails immediately on null origin before any allowedOrigins check can run. Injecting Origin at the HAProxy ingress level gives the gateway a valid origin to validate against the existing allowedOrigins list (https://openclaw.apps.lab.apilab.us). Related: openclaw/openclaw#24055, #35030, #35109