From e79d89647d82fa94c1fbcf2c7864e711d4512375 Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Sat, 25 Apr 2026 02:51:42 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@a98a0b94d1bfa790bfdc18ed893731c7bbdcf230 --- .openclaw-sync/source.json | 4 ++-- docs/tools/browser.md | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index a2f0e6b1f..c71590f5f 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "9e5d09c962628ca9aa8dc998d33e1f02f83d11a5", - "syncedAt": "2026-04-25T02:49:15.596Z" + "sha": "a98a0b94d1bfa790bfdc18ed893731c7bbdcf230", + "syncedAt": "2026-04-25T02:50:13.838Z" } diff --git a/docs/tools/browser.md b/docs/tools/browser.md index 2180ea4a3..1fe77fe20 100644 --- a/docs/tools/browser.md +++ b/docs/tools/browser.md @@ -176,6 +176,8 @@ Browser settings live in `~/.openclaw/openclaw.json`. - Browser navigation and open-tab are SSRF-guarded before navigation and best-effort re-checked on the final `http(s)` URL afterwards. - In strict SSRF mode, remote CDP endpoint discovery and `/json/version` probes (`cdpUrl`) are checked too. +- Gateway/provider `HTTP_PROXY`, `HTTPS_PROXY`, `ALL_PROXY`, and `NO_PROXY` environment variables do not automatically proxy the OpenClaw-managed browser. Managed Chrome launches direct by default so provider proxy settings do not weaken browser SSRF checks. +- To proxy the managed browser itself, pass explicit Chrome proxy flags through `browser.extraArgs`, such as `--proxy-server=...` or `--proxy-pac-url=...`. Strict SSRF mode blocks explicit browser proxy routing unless private-network browser access is intentionally enabled. - `browser.ssrfPolicy.dangerouslyAllowPrivateNetwork` is off by default; enable only when private-network browser access is intentionally trusted. - `browser.ssrfPolicy.allowPrivateNetwork` remains supported as a legacy alias.