mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-25 00:51:20 +00:00
fix: harden web gateway security and fix error swallowing
- Use hmac.compare_digest for timing-safe token comparison (3 endpoints) - Default bind to 127.0.0.1 instead of 0.0.0.0 - Sanitize upload filenames with Path.name to prevent path traversal - Add DOMPurify to sanitize marked.parse() output against XSS - Replace add_static with authenticated media handler - Hide token in group chats for /remote-control command - Use ctypes.util.find_library for Opus instead of hardcoded paths - Add force=True to 5 interrupt _vprint calls for visibility - Log Opus decode errors and voice restart failures instead of swallowing
This commit is contained in:
0xbyt4
parent
d646442692
commit
0ff1b4ade2
8 changed files with 59 additions and 30 deletions
|
|
@ -217,7 +217,7 @@ VOICE_TOOLS_OPENAI_KEY=
|
|||
# Access from phone/tablet/desktop at http://<your-ip>:8765
|
||||
# WEB_UI_ENABLED=false
|
||||
# WEB_UI_PORT=8765
|
||||
# WEB_UI_HOST=0.0.0.0
|
||||
# WEB_UI_HOST=127.0.0.1 # Use 0.0.0.0 to expose on LAN
|
||||
# WEB_UI_TOKEN= # Auto-generated if empty
|
||||
|
||||
# Gateway-wide: allow ALL users without an allowlist (default: false = deny)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue