fix(gateway): ignore malformed host on json routes

vincentkoc · vincentkoc · commit 462a05621014 · 2026-05-14T16:06:23.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ Docs: https://docs.openclaw.ai
 - CLI: lazy-load model, plugin, and device runtime helpers for command actions so parent/help output renders without importing those runtime paths.
 - Gateway/session history: carry monotonic transcript message sequence through live updates and refresh SSE history when stale sequence input would otherwise append bad incremental state. (#81474) Thanks @samzong.
 - Security/sandbox: include Windows `USERPROFILE` in the sandbox blocked home roots so credential-bearing binds (such as `.codex`, `.openclaw`, or `.ssh` under the Windows user profile) are denied even when `HOME` points at a different shell home. (#63074) Thanks @luoyanglang.
+- Gateway/OpenAI-compatible HTTP: parse shared JSON endpoint paths without trusting malformed Host headers, avoiding 500s before `/v1/chat/completions`, `/v1/responses`, and `/v1/embeddings` request handling.
 - Models config/auth: stop inferring provider env-var markers from broad `^[A-Z_][A-Z0-9_]*$` strings, and resolve config-backed provider `apiKey` values only through structured env SecretRefs (`secrets.providers[id]` / `secrets.defaults`), so unrelated env vars cannot accidentally become provider credentials. Thanks @sallyom.
 - Media fetch: skip allocating and buffering the response body for bodyless media responses (HEAD probes and 204-style empty bodies), avoiding wasted heap on streams that carry no payload. Thanks @shakkernerd.
 - CLI/onboarding: forward provider-specific auth flags (e.g. `--openai-api-key`) through the onboarding wizard so they reach provider auth methods via `ctx.opts`, letting `--openai-api-key "$OPENAI_API_KEY"` skip the redundant "use existing env var?" prompt in non-interactive harnesses. (#81669) Thanks @sjf.
diff --git a/src/gateway/http-endpoint-helpers.test.ts b/src/gateway/http-endpoint-helpers.test.ts
@@ -95,6 +95,28 @@ describe("handleGatewayPostJsonEndpoint", () => {
     });
   });
 
+  it("matches paths without trusting malformed Host headers", async () => {
+    vi.mocked(authorizeGatewayHttpRequestOrReply).mockResolvedValue({
+      trustDeclaredOperatorScopes: true,
+    });
+    vi.mocked(readJsonBodyOrError).mockResolvedValue({ ok: true });
+
+    const result = await handleGatewayPostJsonEndpoint(
+      {
+        url: "/v1/ok",
+        method: "POST",
+        headers: { host: "[" },
+      } as unknown as IncomingMessage,
+      {} as unknown as ServerResponse,
+      { pathname: "/v1/ok", auth: {} as unknown as ResolvedGatewayAuth, maxBodyBytes: 123 },
+    );
+
+    expect(result).toEqual({
+      body: { ok: true },
+      requestAuth: { trustDeclaredOperatorScopes: true },
+    });
+  });
+
   it("returns undefined and replies when required operator scope is missing", async () => {
     vi.mocked(authorizeGatewayHttpRequestOrReply).mockResolvedValue({
       trustDeclaredOperatorScopes: false,
diff --git a/src/gateway/http-endpoint-helpers.ts b/src/gateway/http-endpoint-helpers.ts
@@ -30,7 +30,7 @@ export async function handleGatewayPostJsonEndpoint(
     ) => string[];
   },
 ): Promise<false | { body: unknown; requestAuth: AuthorizedGatewayHttpRequest } | undefined> {
-  const url = new URL(req.url ?? "/", `http://${req.headers.host || "localhost"}`);
+  const url = new URL(req.url ?? "/", "http://localhost");
   if (url.pathname !== opts.pathname) {
     return false;
   }

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ export async function handleGatewayPostJsonEndpoint(`
`30`	`30`	`) => string[];`
`31`	`31`	`},`
`32`	`32`	`): Promise<false \| { body: unknown; requestAuth: AuthorizedGatewayHttpRequest } \| undefined> {`
`33`		- const url = new URL(req.url ?? "/", `http://${req.headers.host \|\| "localhost"}`);
	`33`	`+ const url = new URL(req.url ?? "/", "http://localhost");`
`34`	`34`	`if (url.pathname !== opts.pathname) {`
`35`	`35`	`return false;`
`36`	`36`	`}`