fix: allow WebSocket connections from non-loopback IPs in --insecure mode #18633
Merged
…mode When the dashboard is bound to 0.0.0.0 with --insecure (e.g. behind Tailscale Serve), WebSocket endpoints (/api/pty, /api/ws, /api/pub, /api/events) rejected connections from non-loopback client IPs with code 4403 — causing 'events feed disconnected' in the UI. Extract the repeated loopback check into _ws_client_is_allowed() which respects the public bind flag. Session token auth still guards all endpoints regardless of bind mode.
nickdlkk pushed a commit to nickdlkk/hermes-agent that referenced this pull request May 11, 2026
jsboige pushed a commit to jsboige/hermes-agent that referenced this pull request May 14, 2026
dannyJ848 pushed a commit to dannyJ848/hermes-agent that referenced this pull request May 17, 2026
gweeteve pushed a commit to gweeteve/hermes-agent that referenced this pull request Jun 2, 2026
Egavasyug pushed a commit to Egavasyug/hermes-agent that referenced this pull request Jun 10, 2026
Problem
When running hermes dashboard --host 0.0.0.0 --insecure behind a reverse proxy (e.g. Tailscale Serve), the dashboard page loads but WebSocket connections to /api/pty, /api/ws, /api/pub, and /api/events are rejected with close code 4403. This causes the "events feed disconnected" error in the UI — tool calls don't appear in the sidebar.
The --insecure flag bypasses the Host header middleware but the WebSocket endpoints have an independent hardcoded loopback-only check on the client IP that doesn't respect the bind mode.
Fix
- _ws_client_is_allowed(ws) helper (DRY)
- 0.0.0.0/:: (public bind / --insecure), skip the client IP restriction
Testing
- tests/hermes_cli/test_web_server_host_header.py — 8/8 pass
- tests/hermes_cli/ WS/PTY tests — 306 passed, 1 skipped
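The gate described above, as an added sketch that is not the project's code: it shows the client-IP rule relaxing on a wildcard bind while the session token check stays in force in every mode. The function names, the token comparison and the use of 4403 for both rejections are assumptions; only the wildcard binds, the loopback rule and the close code come from the PR text.

```python
import hmac
import ipaddress
from typing import Optional

PUBLIC_BINDS = {"0.0.0.0", "::"}  # wildcard binds named in the PR description
WS_CLOSE_FORBIDDEN = 4403         # close code quoted in the PR description


def is_loopback(host: Optional[str]) -> bool:
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.0.0.1)."""
    if not host:
        return False  # no peer address reported: fail closed
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal: fail closed
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap first.
    mapped = getattr(addr, "ipv4_mapped", None)
    return (mapped or addr).is_loopback


def client_ip_allowed(client_host: Optional[str], bind_host: str) -> bool:
    """Loopback-only unless the operator explicitly chose a wildcard bind."""
    if bind_host in PUBLIC_BINDS:
        return True
    return is_loopback(client_host)


def ws_gate(client_host: Optional[str], bind_host: str,
            presented_token: Optional[str], session_token: str) -> Optional[int]:
    """Return None to accept the socket, or the close code to reject it."""
    # Token check runs in every bind mode. On a wildcard bind it is the only
    # control left, so it is compared in constant time (assumed design).
    if not presented_token or not hmac.compare_digest(
        presented_token.encode(), session_token.encode()
    ):
        return WS_CLOSE_FORBIDDEN  # assumed: same code as the IP rejection
    if not client_ip_allowed(client_host, bind_host):
        return WS_CLOSE_FORBIDDEN
    return None


if __name__ == "__main__":
    # Constructed sample: 100.64.0.7 stands in for a peer reached via a proxy.
    print(ws_gate("100.64.0.7", "0.0.0.0", "s3cret", "s3cret"))    # accepted
    print(ws_gate("100.64.0.7", "127.0.0.1", "s3cret", "s3cret"))  # rejected
```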