romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
320b45c051
openclaw/docs/automation
History
Yuri Chukhlib 961b4adc1c
feat(gateway): deprecate query param hook token auth for security (#2200) 
* feat(gateway): deprecate query param hook token auth for security

Query parameter tokens appear in:
- Server access logs
- Browser history
- Referrer headers
- Network monitoring tools

This change adds a deprecation warning when tokens are provided via
query parameter, encouraging migration to header-based authentication
(Authorization: Bearer <token> or X-Clawdbot-Token header).

Changes:
- Modified extractHookToken to return { token, fromQuery } object
- Added deprecation warning in server-http.ts when fromQuery is true
- Updated tests to verify the new return type and fromQuery flag

Fixes #2148

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: deprecate hook query token auth (#2200) (thanks @YuriNachos)

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-26 14:51:25 +00:00
..
auth-monitoring.md feat(models): add oauth auth health 2026-01-09 00:34:38 +00:00
cron-jobs.md feat: add system cli 2026-01-24 04:03:07 +00:00
cron-vs-heartbeat.md feat: add system cli 2026-01-24 04:03:07 +00:00
gmail-pubsub.md fix(security): prevent prompt injection via external hooks (gmail, we… (#1827) 2026-01-26 13:34:04 +00:00
poll.md refactor: require target for message actions 2026-01-17 04:15:46 +00:00
webhook.md feat(gateway): deprecate query param hook token auth for security (#2200) 2026-01-26 14:51:25 +00:00