[Bug]: Origin validation fails for custom URL schemes (tauri://, electron://)

[mosidevv]

Bug type

Behavior bug (incorrect output/state without crash)

Summary

The gateway.controlUi.allowedOrigins configuration works with wildcard ("*") but rejects specific origins when the connecting client uses a non-standard URL scheme like tauri:// (Tauri apps) or electron:// (Electron apps).

Steps to reproduce

1. Configure allowedOrigins with a specific Tauri origin:

   "gateway": {
     "controlUi": {
       "allowedOrigins": [
         "tauri://localhost",
         "https://example.com"
       ]
     }
   }
   

2. Launch Control UI from a Tauri desktop app
3. WebSocket connection fails with:
   {"cause":"origin-mismatch","reason":"origin not allowed","origin":"tauri://localhost"}

Expected behavior

• Specific origins should work regardless of URL scheme
• tauri://localhost should be accepted when listed in allowedOrigins

Actual behavior

• Only wildcard "*" works for custom schemes
• Specific custom-scheme origins are rejected
• Error message is unclear about the root cause

OpenClaw version

2026.03.13

Operating system

macOS 26.3.1 (Remote control node) / Ubuntu 22.04.5 (Gateway)

Install method

npm global

Model

kimi-k2.5

Provider / routing chain

ws connection request -> main gateway server -> ws-connection -> checkBrowserOrigin

Config file / key location

No response

Additional provider/model setup details

No response

Logs, screenshots, and evidence

18:22:47 warn gateway/ws {"subsystem":"gateway/ws"} {"cause":"origin-mismatch","handshake":"failed","durationMs":277,"lastFrameType":"req","lastFrameMethod":"connect","lastFrameId":"108","host":"tardis.cloudforest-wezen.ts.net","origin":"tauri://localhost","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko)","forwardedFor":"127.0.0.1","reason":"origin not allowed","client":"openclaw-control-ui","mode":"backend","version":"0.1.0"} closed before connect conn=17ff2555-702f-4c8a-8720-a6edf30ef4d4 remote=127.0.0.1 fwd=127.0.0.1 origin=tauri://localhost host=tardis.cloudforest-wezen.ts.net ua=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) code=1008 reason=origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)

Impact and severity

Impact

• Tauri/Electron desktop apps can't use proper origin allowlisting
• Gateway deployments are forced to choose between security and functionality

Additional information

Root Cause

parseOrigin() in src/gateway/origin-check.ts uses JavaScript's new URL() API, which only recognizes standard URL schemes (http, https, ws, wss, ftp, file). When it
encounters tauri://localhost, it throws an exception and returns null, causing validation to fail.

The wildcard works because it's checked before parsing: if (allowlist.has("*") || allowlist.has(parsedOrigin.origin))

Current Workaround

Use "*" in allowedOrigins, but this is a security regression.

[ishangodawatta]

I can take this one. I verified current main still normalizes custom-scheme Origin values like tauri://localhost to the opaque null origin, so exact gateway.controlUi.allowedOrigins entries cannot match. I’ll send a narrow PR with regression coverage for custom-scheme allowlist matching.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. Current main still normalizes custom-scheme Origin headers through URL.origin, which becomes null, and open PR #73511 is the active closing implementation candidate for this issue.

Reproducibility: yes. The deterministic source path is new URL("tauri://localhost").origin === "null", followed by exact allowlist comparison against parsedOrigin.origin in checkBrowserOrigin.

Next step
No separate repair job should be queued because open PR #73511 already references this issue with closing syntax; the next action is normal maintainer review or landing of that PR.

Security
Needs attention: The issue remains security-relevant because the current bug can force operators from exact Control UI origin allowlisting toward wildcard allowlisting.

Review details

Best possible solution:

Land PR #73511 or an equivalent narrow parser-level fix with regression tests for allowlisted and unlisted custom-scheme origins while preserving literal Origin: null, malformed-origin, host-header fallback, and local-loopback behavior.

Do we have a high-confidence way to reproduce the issue?

Yes. The deterministic source path is new URL("tauri://localhost").origin === "null", followed by exact allowlist comparison against parsedOrigin.origin in checkBrowserOrigin.

Is this the best way to solve the issue?

Yes. The narrowest maintainable fix is to preserve hosted custom-scheme origins during parser normalization and cover that helper directly, rather than broadening wildcard or Host-header fallback behavior.

Security concerns:

• [medium] Wildcard workaround weakens origin policy — src/security/audit-gateway-config.ts:162
  Current main cannot match exact custom-scheme origins, while gateway.controlUi.allowedOrigins: ["*"] is audited as disabling Control UI/WebChat origin allowlisting.
  Confidence: 0.92

What I checked:

• Current parser normalizes through URL.origin: parseOrigin constructs new URL(trimmed) and stores url.origin, so hosted non-special schemes become the opaque origin string before allowlist matching. (src/gateway/origin-check.ts:22, 8e79392dccf4)
• Allowlist compares only parsed origin: checkBrowserOrigin accepts wildcard or allowlist.has(parsedOrigin.origin), so tauri://localhost cannot match after parsing produced null. (src/gateway/origin-check.ts:50, 8e79392dccf4)
• Node URL behavior reproduces root cause: Node reports tauri://localhost => origin=null host=localhost and electron://app => origin=null host=app. (8e79392dccf4)
• WebSocket Control UI path enforces helper: The connect handler passes request Origin and gateway.controlUi.allowedOrigins into checkBrowserOrigin and closes with an origin-not-allowed failure when it rejects. (src/gateway/server/ws-connection/message-handler.ts:520, 8e79392dccf4)
• Regression coverage missing on main: The current origin-check table covers HTTP(S), wildcard, malformed origins, loopback fallback, and mismatches, but no tauri:// or electron:// cases are present. (src/gateway/origin-check.test.ts:5, 8e79392dccf4)
• Wildcard workaround is security-sensitive: The security audit flags gateway.controlUi.allowedOrigins containing * as disabling Control UI/WebChat origin allowlisting. (src/security/audit-gateway-config.ts:162, 8e79392dccf4)

Likely related people:

• IshanG97: Verified the current-main failure in the issue discussion and opened PR fix: allow custom control UI origins #73511 with a focused parser, regression test, and changelog fix. (role: open implementation candidate owner; confidence: medium; commits: 5d19030888d5; files: src/gateway/origin-check.ts, src/gateway/origin-check.test.ts, CHANGELOG.md)
• Peter Steinberger: Recent reachable history shows repeated gateway WebSocket auth, origin/security utility, and normalization refactors near the affected path. (role: recent gateway auth/origin maintainer; confidence: medium; commits: bf40baaa4dfa, 037340d28795, 2cd11565a628; files: src/gateway/server/ws-connection/message-handler.ts, src/gateway/origin-check.ts, src/security/audit-gateway-config.ts)
• @openclaw/openclaw-secops: CODEOWNERS assigns src/security and gateway auth/security-sensitive paths to this team, and this issue affects Control UI origin allowlisting semantics. (role: security-sensitive gateway routing owner; confidence: medium; files: .github/CODEOWNERS, src/security/audit-gateway-config.ts, src/gateway/server/ws-connection/message-handler.ts)

Remaining risk / open question:

• Until PR fix: allow custom control UI origins #73511 or an equivalent fix lands, affected desktop Control UI wrappers may be pushed toward wildcard origin allowlisting, which the security audit treats as a weakened policy.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 8e79392dccf4.