Canvas security boundary: require token on public IP, allow IP fallback only on private/loopback
Prevents unauthorized canvas access in shared-public-IP/NAT environments. Practical rollout: verify private-network behavior, then enforce token usage for any public ingress.
Source: GitHub. Discovered: 2026-02-14. Author: sumleo
Prerequisites
- Canvas endpoint is enabled and reachable from at least one trusted client.
- You can test from both local/private network and public ingress paths.
Steps
- From loopback/LAN, test the canvas flow without a bearer token to confirm the expected local fallback behavior.
- From a public ingress path, repeat the same request and verify it is denied without a bearer token.
- Update client integrations to always attach the bearer token on public or uncertain network paths.
- Record this boundary in the ops runbook to avoid future accidental exposure.
Commands
openclaw gateway status
openclaw gateway restart
openclaw help
Verify
Public-IP requests without token fail, while trusted local/private scenarios continue to work as intended.
Caveats
- Corporate VPN/proxy topologies can blur IP classification; validate with the real traffic path (needs verification).
- Do not treat IP-based fallback as primary auth model; bearer token remains the robust control.
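As an added illustration, not OpenClaw's own code, the policy check below implements the boundary from the steps above together with the proxy caveat: a bearer token always decides, the IP fallback applies only to loopback/private addresses, and a forwarded client address is honoured only from a trusted proxy. The token value, the request fields and the trusted-proxy set are assumptions for the example.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Constructed placeholder; a real gateway loads its canvas token from configuration.
EXPECTED_TOKEN = "example-canvas-token"

# Ranges eligible for the IP fallback (loopback, RFC 1918, link-local, IPv6 ULA), listed explicitly.
FALLBACK_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]


@dataclass
class CanvasRequest:
    peer_ip: str                         # address of the TCP peer that reached the gateway
    bearer: Optional[str] = None         # value of "Authorization: Bearer ...", if present
    forwarded_for: Optional[str] = None  # X-Forwarded-For header, if a proxy set one


def is_private_or_loopback(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return any(addr in net for net in FALLBACK_NETS)


def effective_client_ip(req: CanvasRequest, trusted_proxies: FrozenSet[str]) -> Optional[str]:
    """X-Forwarded-For is honoured only from a trusted proxy; from any other peer it is
    client-controlled and ignored. A trusted proxy that sends no header leaves the real
    client unknown, so None is returned and the caller fails closed."""
    if req.peer_ip in trusted_proxies:
        if not req.forwarded_for:
            return None
        return req.forwarded_for.split(",")[0].strip()  # left-most entry is the client
    return req.peer_ip


def authorize_canvas(req: CanvasRequest,
                     trusted_proxies: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    if req.bearer is not None:  # a presented token always decides, on any network path
        if hmac.compare_digest(req.bearer.encode(), EXPECTED_TOKEN.encode()):
            return True, "token-valid"
        return False, "token-invalid"
    client_ip = effective_client_ip(req, trusted_proxies)
    if client_ip is None:
        return False, "proxy-without-forwarded-header"
    try:
        private = is_private_or_loopback(client_ip)
    except ValueError:
        return False, f"unparseable-ip:{client_ip}"  # fail closed
    if private:
        return True, f"ip-fallback:{client_ip}"
    return False, f"public-ip-requires-token:{client_ip}"
```

The reason string is what you would log to confirm, during rollout, that public-ingress denials are really happening for the fallback reason and not because of a missing or stale token.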
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.