Description
Bug Report
OpenClaw version: 2026.2.25
Channel: BlueBubbles
OS: macOS 26.3.0 (arm64)
Summary
After updating to 2026.2.25, inbound image/file attachments from iMessage are silently dropped. The SSRF security guard blocks the attachment download from the BlueBubbles server URL even though it was explicitly configured by the user.
Gateway Log
warn security {"subsystem":"security"} blocked URL fetch (url-fetch) target=http://localhost:1234/api/v1/attachment/<guid>/download reason=Blocked hostname or private/internal/special-use IP address
Root Cause
BlueBubbles is configured with channels.bluebubbles.serverUrl: "http://localhost:1234". When an attachment arrives via webhook, the plugin fetches it from http://localhost:1234/api/v1/attachment/.../download. The SSRF guard (introduced in the "guard remote media fetches" security fix) blocks this because localhost is a private/special-use hostname, even though this URL is the user's own explicitly configured, trusted server.
Expected Behavior
The BlueBubbles plugin should trust its own configured serverUrl for attachment downloads. A user who configured serverUrl: "http://localhost:1234" has explicitly opted into that server being trusted.
Workaround
Currently none; there is no ssrfPolicy field in the channels.bluebubbles config schema, and browser.ssrfPolicy only applies to the browser tool.
Suggested Fix
Either:
- Auto-allowlist the hostname from the configured channels.bluebubbles.serverUrl when fetching attachments (preferred; zero config change for users)
- Expose a channels.bluebubbles.ssrfPolicy escape hatch (e.g., allowPrivateNetwork: true or allowedHostnames: ["localhost"]) for users running BlueBubbles locally
This affects any user with BlueBubbles running on the same machine as the OpenClaw gateway (i.e., the standard setup).
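The first suggested fix, sketched as an added example for this page (this is not OpenClaw's or the BlueBubbles plugin's code, and the names createUrlFetchGuard, checkUrl and isPrivateOrSpecialHost are assumptions): a URL fetch guard that keeps the private/loopback/special-use block for everything by default, but trusts the exact origin (scheme, host and port) of each explicitly configured server URL. It trusts the origin rather than the bare hostname so that allowing http://localhost:1234 does not also open every other service listening on the machine.

```typescript
// Added example, not project code. Names are assumed for illustration.
interface GuardDecision {
  allowed: boolean;
  reason: string;
}

// Parse a dotted-quad IPv4 literal; null if the string is not one.
function parseIPv4(host: string): number[] | null {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

// "This network", RFC 1918, loopback, link-local and CGNAT (RFC 6598) ranges.
function isPrivateIPv4([a, b]: number[]): boolean {
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127)
  );
}

// IPv6 loopback/unspecified, unique-local (fc00::/7), link-local (fe80::/10),
// and IPv4-mapped addresses (dotted or hex form) that wrap a private IPv4.
function isSpecialIPv6(ip: string): boolean {
  const v = ip.toLowerCase();
  if (v === "::1" || v === "::") return true;
  if (/^f[cd]/.test(v) || /^fe[89ab]/.test(v)) return true;
  const dotted = v.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) {
    const octets = parseIPv4(dotted[1]);
    return octets !== null && isPrivateIPv4(octets);
  }
  const hex = v.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) {
    const hi = parseInt(hex[1], 16);
    const lo = parseInt(hex[2], 16);
    return isPrivateIPv4([hi >> 8, hi & 0xff, lo >> 8, lo & 0xff]);
  }
  return false;
}

// Hostname as exposed by the WHATWG URL parser: lowercased, IPv6 in brackets.
function isPrivateOrSpecialHost(hostname: string): boolean {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  if (h === "" || h === "localhost" || h.endsWith(".localhost")) return true;
  if (h.startsWith("[") && h.endsWith("]")) return isSpecialIPv6(h.slice(1, -1));
  const v4 = parseIPv4(h);
  return v4 !== null && isPrivateIPv4(v4);
}

// Trust only the exact origin of each configured server URL, then apply the
// private-network block to everything else.
function createUrlFetchGuard(trustedServerUrls: string[]) {
  const trustedOrigins = new Set(trustedServerUrls.map((u) => new URL(u).origin));
  return function checkUrl(target: string): GuardDecision {
    let url: URL;
    try {
      url = new URL(target);
    } catch {
      return { allowed: false, reason: "unparseable URL" };
    }
    if (url.protocol !== "http:" && url.protocol !== "https:") {
      return { allowed: false, reason: `scheme ${url.protocol} not allowed` };
    }
    if (trustedOrigins.has(url.origin)) {
      return { allowed: true, reason: "origin matches a configured serverUrl" };
    }
    if (isPrivateOrSpecialHost(url.hostname)) {
      return { allowed: false, reason: "Blocked hostname or private/internal/special-use IP address" };
    }
    return { allowed: true, reason: "public host" };
  };
}

// Worked run against the configuration from the report (constructed sample URLs).
function runExample(): [string, boolean][] {
  const checkUrl = createUrlFetchGuard(["http://localhost:1234"]);
  return [
    "http://localhost:1234/api/v1/attachment/abc/download",
    "http://localhost:9999/admin",
    "http://127.0.0.1:1234/api/v1/attachment/abc/download",
    "http://169.254.169.254/latest/meta-data/",
    "https://example.com/image.png",
  ].map((u): [string, boolean] => [u, checkUrl(u).allowed]);
}

console.log(runExample());
```

Two caveats for anyone wiring this into a real fetch path. The allowlist must be applied to the URL the plugin actually requests, built from the configured serverUrl verbatim; a 127.0.0.1 URL is not trusted just because localhost is. And the check must run on every redirect hop (fetch with redirect set to "manual" and re-check the Location target), otherwise the trusted server could bounce the client into a host the guard would have blocked.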