romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cbbe9dd0a2
openclaw/docs
History
VihariKanukollu cbbe9dd0a2 security: harden credential handling, API auth, and archive extraction 
- Control UI: switch token/password from query params to URL fragments (#token=...)
  - Auto-strips after first load, never logged in server access logs
  - Added defense-in-depth headers (Referrer-Policy, X-Frame-Options, CSP, nosniff)
- macOS: "Open Dashboard" now uses fragments instead of query params
- CLI/onboarding: emit fragment links instead of query param links
- Plugin HTTP: /api/** now requires Gateway auth (fixes unauthenticated Nostr API)
  - Added config toggle gateway.plugins.http.protectApiPaths (default: true)
- Control UI: sends Authorization header for Nostr profile save/import
- Android hardening:
  - WebView: disabled mixed content, multi-window, reduced file URL privileges
  - A2UI bridge: origin validation + 64KB payload cap
  - TLS: enabled hostname verification for DNS names
- Archive extraction: block path traversal + symlink/hardlink entries
- Dependencies: upgraded tar 7.5.7, hono 4.11.7, added overrides for vulnerabilities

Breaking: Old ?token=... dashboard links no longer auto-auth; use #token=... instead
2026-01-29 16:05:38 +05:30
..
_layouts refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
assets refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
automation refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
channels Update self message trust policy in WhatsApp docs 2026-01-28 20:31:33 -05:00
cli fix: local updates for PR #3600 2026-01-28 22:00:11 -05:00
concepts fix: local updates for PR #3600 2026-01-28 22:00:11 -05:00
debug update refs 2026-01-27 13:50:46 -08:00
diagnostics refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
experiments refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
gateway fix: local updates for PR #3600 2026-01-28 22:00:11 -05:00
help security: harden credential handling, API auth, and archive extraction 2026-01-29 16:05:38 +05:30
hooks refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
images docs: add group flow diagram 2026-01-10 20:05:22 +01:00
install update refs 2026-01-27 13:50:46 -08:00
nodes refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
platforms security: harden credential handling, API auth, and archive extraction 2026-01-29 16:05:38 +05:30
plugins refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
providers fix: correct 'Venius' typo to 'Venice' in provider docs (#3638) - thanks (@jonisjongithub) 2026-01-28 23:51:43 +00:00
refactor refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
reference chore: bump beta version to 2026.1.27-beta.1 2026-01-28 01:28:16 +01:00
security docs: clarify v1++ claims (not just target lists) 2026-01-27 15:35:24 -08:00
start update refs 2026-01-27 13:50:46 -08:00
tools docs: switch skill metadata key to moltbot 2026-01-28 01:32:53 +01:00
web security: harden credential handling, API auth, and archive extraction 2026-01-29 16:05:38 +05:30
_config.yml refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
bedrock.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
brave-search.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
broadcast-groups.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
CNAME chore: update molt.bot domains 2026-01-27 12:21:01 +00:00
date-time.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
debugging.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
docs.json refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
environment.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
hooks.md docs: switch skill metadata key to moltbot 2026-01-28 01:32:53 +01:00
index.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
logging.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
multi-agent-sandbox-tools.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
network.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
northflank.mdx refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
perplexity.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
plugin.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
prose.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
railway.mdx refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
render.mdx refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
scripts.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
testing.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
token-use.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
tts.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
tui.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
vps.md refactor: rename clawdbot to moltbot with legacy compat 2026-01-27 12:21:02 +00:00
whatsapp-clawd.jpg Add WhatsApp screenshot to claude-config.md 2025-11-27 18:43:24 +01:00