HuggingClaw

Sleeping

tao-shen Claude Opus 4.6 commited on Mar 13

Commit

0b2ec75

1 Parent(s): 99ce7b7

fix: restore 302 redirect for token so frontend JS can read it from URL

Server-side URL rewrite changed req.url internally but the browser
URL stayed as '/' — OpenClaw's frontend JS reads window.location.search
for the token, so it couldn't find it and showed 'offline'. Restored
302 redirect which changes the browser URL to /?token=huggingclaw.
The iframe CSP fix (moved earlier in the code) still applies correctly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Files changed (1) hide show

scripts/token-redirect.cjs +5 -3

scripts/token-redirect.cjs CHANGED Viewed

@@ -230,11 +230,13 @@ http.Server.prototype.emit = function (event, ...args) {
         return origEmit.apply(this, [event, ...args]);
       }
     } else {
-      // Default mode: rewrite URL to inject token (no redirect needed)
       if (req.method === 'GET' && !req.headers.upgrade) {
         if (pathname === '/' && !parsed.query.token) {
-          req.url = `/?token=${GATEWAY_TOKEN}`;
-          return origEmit.apply(this, [event, ...args]);
         }
       }
     }

         return origEmit.apply(this, [event, ...args]);
       }
     } else {
+      // Default mode: 302 redirect to inject token into browser URL
+      // (must be a redirect, not a rewrite, so frontend JS can read the token)
       if (req.method === 'GET' && !req.headers.upgrade) {
         if (pathname === '/' && !parsed.query.token) {
+          res.writeHead(302, { Location: `/?token=${GATEWAY_TOKEN}` });
+          res.end();
+          return true;
         }
       }
     }