romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,320 Commits 258 Branches 39 Tags 276 MiB
cbbe9dd0a2
Commit Graph

12 Commits

Author SHA1 Message Date
VihariKanukollu
cbbe9dd0a2 security: harden credential handling, API auth, and archive extraction 
- Control UI: switch token/password from query params to URL fragments (#token=...)
  - Auto-strips after first load, never logged in server access logs
  - Added defense-in-depth headers (Referrer-Policy, X-Frame-Options, CSP, nosniff)
- macOS: "Open Dashboard" now uses fragments instead of query params
- CLI/onboarding: emit fragment links instead of query param links
- Plugin HTTP: /api/** now requires Gateway auth (fixes unauthenticated Nostr API)
  - Added config toggle gateway.plugins.http.protectApiPaths (default: true)
- Control UI: sends Authorization header for Nostr profile save/import
- Android hardening:
  - WebView: disabled mixed content, multi-window, reduced file URL privileges
  - A2UI bridge: origin validation + 64KB payload cap
  - TLS: enabled hostname verification for DNS names
- Archive extraction: block path traversal + symlink/hardlink entries
- Dependencies: upgraded tar 7.5.7, hono 4.11.7, added overrides for vulnerabilities

Breaking: Old ?token=... dashboard links no longer auto-auth; use #token=... instead
 2026-01-29 16:05:38 +05:30
Shadow
4647309c4c fix: update exe.dev install docs (#https://github.com/moltbot/moltbot/pull/3047) (thanks @zackerthescar) 2026-01-27 18:54:46 -06:00
Shaun Loo
5fe7bbeffb docs: update exe.dev install instructions 
Signed-off-by: Shaun Loo <shaun@bold.dev>
 2026-01-27 18:54:46 -06:00
Peter Steinberger
6d16a658e5 refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
Peter Steinberger
c129f0bbaa docs: align gateway service naming 2026-01-21 17:45:26 +00:00
Peter Steinberger
bf72a126d1 docs: add /help hub and Node/npm PATH guide 2026-01-16 23:10:29 +00:00
Peter Steinberger
3eb48cbea7 docs: complete channels rename sweep 2026-01-13 08:40:39 +00:00
Peter Steinberger
e0bf86f06c feat: improve gateway services and auto-reply commands 2026-01-11 02:27:16 +01:00
Peter Steinberger
da48a9907b docs: add beginner paths for docker and linux vps 2026-01-08 21:56:47 +01:00
Peter Steinberger
5565dcd447 fix: tighten gateway bind auth diagnostics 2026-01-08 08:26:40 +01:00
Peter Steinberger
19595a8f99 refactor: simplify cli commands 2026-01-08 07:16:12 +01:00
Peter Steinberger
b50ea3ec59 feat: refine providers onboarding and cli 2026-01-08 06:25:21 +01:00