negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
17,337 Commits 1 Branch 0 Tags
265367d99bc8c2dd477ef39ed4cd0ced2eb82471
Commit Graph

19 Commits

Author SHA1 Message Date
ademczuk
3e9c8721fb fix(gateway): let non-GET requests fall through controlUi routing when basePath is set 
When controlUiBasePath is set, classifyControlUiRequest returned
method-not-allowed (405) for all non-GET/HEAD requests under basePath,
blocking plugin webhook handlers (BlueBubbles, Mattermost, etc.) from
receiving POST requests. This is a 2026.3.1 regression.

Return not-control-ui instead, matching the empty-basePath behavior, so
requests fall through to plugin HTTP handlers. Remove the now-dead
method-not-allowed type variant, handler branch, and utility function.

Closes #31983
Closes #32275

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-03 00:11:13 +00:00
SidQin-cyber
c4711a9b69 fix(gateway): let POST requests pass through root-mounted Control UI to plugin handlers 
The Control UI handler checked HTTP method before path routing, causing
all POST requests (including plugin webhook endpoints like /bluebubbles-webhook)
to receive 405 Method Not Allowed.  Move the method check after path-based
exclusions so non-GET/HEAD requests reach plugin HTTP handlers.

Closes #31344

Made-with: Cursor
 2026-03-02 16:06:48 +00:00
Tyler Yust
f918b336d1 fix: agent-only announce path, BB message IDs, sender identity, SSRF allowlist (#23970) 
* fix(agents): defer announces until descendant cleanup settles

* fix(bluebubbles): harden message metadata extraction

* feat(contributors): rank by composite score (commits, PRs, LOC, tenure)

* refactor(control-ui): move method guard after path checks to improve request handling

* fix subagent completion announce when only current run is pending

* fix(subagents): keep orchestrator runs active until descendants finish

* fix: prepare PR feedback follow-ups (#23970) (thanks @tyler6204)
 2026-03-01 22:52:11 -08:00
Gustavo Madeira Santana
8e69fd80e0 Gateway: harden control-ui vs plugin HTTP precedence 2026-03-01 22:38:14 -05:00
Sid
c1428e8df9 fix(gateway): prevent /api/* routes from returning SPA HTML when basePath is empty (#30333) 
Merged via squash.

Prepared head SHA: 12591f304e5db80b0a49d44b3adeecace5ce228c
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: velvet-shark <126378+velvet-shark@users.noreply.github.com>
Reviewed-by: @velvet-shark
 2026-03-01 22:23:54 +01:00
Peter Steinberger
6970c2c2db fix(gateway): harden control-ui avatar reads 2026-02-22 22:40:22 +01:00
Peter Steinberger
296b19e413 test: dedupe gateway browser discord and channel coverage 2026-02-22 17:11:54 +00:00
Peter Steinberger
b0f6f18569 test(gateway): dedupe control-ui not-found fixture assertions 2026-02-22 07:44:57 +00:00
bmendonca3
6ac89757ba Security/Gateway: harden Control UI static path containment (#21203) 
* Security/Gateway: harden Control UI static path containment

* gateway: block control-ui symlink escapes

* CI: retrigger flaky node test lane

---------

Co-authored-by: Brian Mendonca <brianmendonca@Brians-MacBook-Air.local>
 2026-02-21 23:47:51 +01:00
Peter Steinberger
4ef4aa3c10 refactor(gateway): streamline control-ui secure file serving 2026-02-21 23:36:55 +01:00
Peter Steinberger
7c500ff623 fix(security): harden control-ui static path resolution 2026-02-21 23:10:55 +01:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
Peter Steinberger
93ca0ed54f refactor(channels): dedupe transport and gateway test scaffolds 2026-02-16 14:59:31 +00:00
Peter Steinberger
2f621876f1 test(gateway): cover basePath bootstrap config endpoint 2026-02-16 02:56:23 +00:00
Peter Steinberger
8985f23de7 test(gateway): move Control UI http coverage 2026-02-16 03:50:39 +01:00