fix: BlueBubbles webhook auth bypass via loopback proxy trust (#13787)

* fix(an-08): apply security fix

Generated by staged fix workflow.

* fix(an-08): apply security fix

Generated by staged fix workflow.

* fix(an-08): stabilize bluebubbles auth fixture for security patch

Restore the default test password in createMockAccount and add a
fallback password query in createMockRequest when auth is omitted.

This keeps the AN-08 loopback-auth regression tests strict while
preserving existing monitor behavior tests that assume authenticated
webhook fixtures.
Coy Geek
2026-02-12 05:12:17 -08:00
committed by GitHub
parent 8dd60fc7d9
commit f836c385ff
2 changed files with 40 additions and 32 deletions
-4
@@ -1533,10 +1533,6 @@ export async function handleBlueBubblesWebhookRequest(
if (guid && guid.trim() === token) {
return true;
}
const remote = req.socket?.remoteAddress ?? "";
if (remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1") {
return true;
}
return false;
});