chore(sync): mirror docs from openclaw/openclaw@a98a0b94d1

This commit is contained in:
openclaw-docs-sync[bot] 2026-04-25 02:51:42 +00:00
parent f6c273cad7
commit e79d89647d
2 changed files with 4 additions and 2 deletions

View File

@ -1,5 +1,5 @@
{
"repository": "openclaw/openclaw",
"sha": "9e5d09c962628ca9aa8dc998d33e1f02f83d11a5",
"syncedAt": "2026-04-25T02:49:15.596Z"
"sha": "a98a0b94d1bfa790bfdc18ed893731c7bbdcf230",
"syncedAt": "2026-04-25T02:50:13.838Z"
}

View File

@ -176,6 +176,8 @@ Browser settings live in `~/.openclaw/openclaw.json`.
- Browser navigation and open-tab are SSRF-guarded before navigation and best-effort re-checked on the final `http(s)` URL afterwards.
- In strict SSRF mode, remote CDP endpoint discovery and `/json/version` probes (`cdpUrl`) are checked too.
- Gateway/provider `HTTP_PROXY`, `HTTPS_PROXY`, `ALL_PROXY`, and `NO_PROXY` environment variables do not automatically proxy the OpenClaw-managed browser. Managed Chrome launches direct by default so provider proxy settings do not weaken browser SSRF checks.
- To proxy the managed browser itself, pass explicit Chrome proxy flags through `browser.extraArgs`, such as `--proxy-server=...` or `--proxy-pac-url=...`. Strict SSRF mode blocks explicit browser proxy routing unless private-network browser access is intentionally enabled.
- `browser.ssrfPolicy.dangerouslyAllowPrivateNetwork` is off by default; enable only when private-network browser access is intentionally trusted.
- `browser.ssrfPolicy.allowPrivateNetwork` remains supported as a legacy alias.