APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

fix: harden web gateway security and fix error swallowing

Browse source 
- Use hmac.compare_digest for timing-safe token comparison (3 endpoints)
- Default bind to 127.0.0.1 instead of 0.0.0.0
- Sanitize upload filenames with Path.name to prevent path traversal
- Add DOMPurify to sanitize marked.parse() output against XSS
- Replace add_static with authenticated media handler
- Hide token in group chats for /remote-control command
- Use ctypes.util.find_library for Opus instead of hardcoded paths
- Add force=True to 5 interrupt _vprint calls for visibility
- Log Opus decode errors and voice restart failures instead of swallowing
This commit is contained in:
0xbyt4 2026-03-13 15:29:18 +03:00
parent d646442692
commit 0ff1b4ade2
8 changed files with 59 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

2
gateway/config.py
View file

@ -478,7 +478,7 @@ def _apply_env_overrides(config: GatewayConfig) -> None:
config.platforms[Platform.WEB].enabled = True
config.platforms[Platform.WEB].extra.update({
"port": int(os.getenv("WEB_UI_PORT", "8765")),
"host": os.getenv("WEB_UI_HOST", "0.0.0.0"),
"host": os.getenv("WEB_UI_HOST", "127.0.0.1"),
"token": os.getenv("WEB_UI_TOKEN", ""),
})