chore(sync): mirror docs from openclaw/openclaw@a98a0b94d1
This commit is contained in:
parent
f6c273cad7
commit
e79d89647d
@ -1,5 +1,5 @@
|
||||
{
|
||||
"repository": "openclaw/openclaw",
|
||||
"sha": "9e5d09c962628ca9aa8dc998d33e1f02f83d11a5",
|
||||
"syncedAt": "2026-04-25T02:49:15.596Z"
|
||||
"sha": "a98a0b94d1bfa790bfdc18ed893731c7bbdcf230",
|
||||
"syncedAt": "2026-04-25T02:50:13.838Z"
|
||||
}
|
||||
|
||||
@ -176,6 +176,8 @@ Browser settings live in `~/.openclaw/openclaw.json`.
|
||||
|
||||
- Browser navigation and open-tab are SSRF-guarded before navigation and best-effort re-checked on the final `http(s)` URL afterwards.
|
||||
- In strict SSRF mode, remote CDP endpoint discovery and `/json/version` probes (`cdpUrl`) are checked too.
|
||||
- Gateway/provider `HTTP_PROXY`, `HTTPS_PROXY`, `ALL_PROXY`, and `NO_PROXY` environment variables do not automatically proxy the OpenClaw-managed browser. Managed Chrome launches direct by default so provider proxy settings do not weaken browser SSRF checks.
|
||||
- To proxy the managed browser itself, pass explicit Chrome proxy flags through `browser.extraArgs`, such as `--proxy-server=...` or `--proxy-pac-url=...`. Strict SSRF mode blocks explicit browser proxy routing unless private-network browser access is intentionally enabled.
|
||||
- `browser.ssrfPolicy.dangerouslyAllowPrivateNetwork` is off by default; enable only when private-network browser access is intentionally trusted.
|
||||
- `browser.ssrfPolicy.allowPrivateNetwork` remains supported as a legacy alias.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user