Skip to content

fix(ui): robust UUID generation for HTTP Control UI#133

Merged
steipete merged 1 commit intoopenclaw:mainfrom
ratulsarna:fix/ui-http-uuid
Jan 3, 2026
Merged

fix(ui): robust UUID generation for HTTP Control UI#133
steipete merged 1 commit intoopenclaw:mainfrom
ratulsarna:fix/ui-http-uuid

Conversation

@ratulsarna
Copy link
Contributor

@ratulsarna ratulsarna commented Jan 3, 2026
edited
Loading

Context

Accessing the browser Control UI over plain HTTP (e.g. legacy gateway.bind: "tailnet" / token flow like http://<tailscale-ip>:18789/ui/) can run in an insecure context where crypto.randomUUID() is unavailable, causing the UI to fail at runtime.

This comes up in the documented legacy tailnet-bind mode (see docs/control-ui.md and docs/web.md). Integrated Tailscale Serve (HTTPS) remains the recommended path.

Follow-up to #132 (closed/unmerged).

Fixes #131.

What changed

  • Add a small generateUUID() helper that prefers crypto.randomUUID(), falls back to crypto.getRandomValues(), and finally falls back to a non-crypto v4 UUID to avoid hard crashes if crypto is missing.
  • Use this helper for Gateway request IDs and chat idempotencyKey/run IDs (removes the remaining direct crypto.randomUUID() calls in the UI).

Test plan

  • pnpm -C ui test
  • pnpm -C ui build

@steipete
Copy link
Contributor

steipete commented Jan 3, 2026

Ahhhh

repeating comment from earlier PR;
Accessing the web UI via Tailscale IP over HTTP (e.g., http://100.x.x.x:18789).

crypto.randomUUID() requires a secure context (HTTPS/localhost), so the UI fails to connect when accessed this way. The fallback uses crypto.getRandomValues() which works everywhere.

Happy to close if HTTPS is the expected setup for remote access.

Yes totally makes sense. I ran into the same issue before. Thank you!

@steipete
Copy link
Contributor

steipete commented Jan 3, 2026

Is in the merge queue!

@steipete steipete merged commit 0f85080 into openclaw:main Jan 3, 2026
3 of 11 checks passed
dgarson referenced this pull request in dgarson/clawdbot Feb 7, 2026
@dgarson
docs: progressive memory system design v2 analysis (#133)
8693926
joshp123 pushed a commit to joshp123/clawdis that referenced this pull request Feb 11, 2026
@steipete
Merge pull request openclaw#133 from ratulsarna/fix/ui-http-uuid
8dc98ec 
fix(ui): robust UUID generation for HTTP Control UI
slathrop referenced this pull request in slathrop/openclaw-js Feb 11, 2026
@slathrop @claude
Paths: cross-platform OPENCLAW_HOME test normalization (#133)
9763d37 
- Replace hardcoded Unix paths with path.join(path.sep, ...) for cross-platform
- Remove skipIf(win32) from tests now that paths are platform-agnostic
- Remove itIfNotWin32 from pi-embedded-runner test

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
slathrop referenced this pull request in slathrop/openclaw-js Feb 11, 2026
@slathrop
docs(13-11): complete ChatType unification + Windows paths plan
9a7d81a 
Tasks completed: 2/2
- Task 1: ChatType unification dm -> direct (#126)
- Task 2: Windows paths + cross-platform tests (#127, #132, #133)

Phase 13 complete (11/11 plans).

SUMMARY: .planning/phases/13-paths-config-refactoring/13-11-SUMMARY.md
dgarson referenced this pull request in dgarson/clawdbot Feb 22, 2026
@dgarson
Views #133-134: EventStreamViewer, PermissionsMatrix
ebc1221
dalefrieswthat pushed a commit to dalefrieswthat/openclaw that referenced this pull request Feb 25, 2026
@dgarson
Include bootstrap file paths in truncation warning (openclaw#133)
070ff0d
@leftspin
Copy link

leftspin commented Feb 28, 2026

Starting work on this iframe sizing bug now. Investigating renderer/CSS handling for HTML content fill behavior.

@leftspin
Copy link

leftspin commented Feb 28, 2026

Progress update: applied iframe sizing fix in renderer/CSS and added html-specific content-root padding removal to avoid inset gap. Build + test run is green (55 passing). Preparing commit/push next.

@leftspin
Copy link

leftspin commented Feb 28, 2026

Ready for verification.

Pushed commit: 9a322fe4e to branch clawline-surface-electron.

What changed:

  • electron/surface/src/renderer/styles.css: changed .content-root iframe from min-height: 100% to height: 100%.
  • electron/surface/src/renderer/styles.css: added .content-root.content-root-html { padding: 0; } so HTML iframe content has no inset gap.
  • electron/surface/src/renderer/renderer.js: when rendering contentType === html, set iframe.style.height = 100% and toggle content-root-html class on the root container.

Validation:

  • npm run build passed.
  • npm test passed with 55 tests passing.

pushed to origin/clawline-surface-electron @ 9a322fe4e

zooqueen pushed a commit to hanzoai/bot that referenced this pull request Mar 6, 2026
@steipete
Merge pull request openclaw#133 from ratulsarna/fix/ui-http-uuid
dfb9584 
fix(ui): robust UUID generation for HTTP Control UI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Web UI fails to connect over HTTP (non-HTTPS)

3 participants

@ratulsarna @steipete @leftspin