From fb4f95356945e2ddaf0fe9e04541455ff92f1e3f Mon Sep 17 00:00:00 2001
From: 0z! <162235745+0z1-ghb@users.noreply.github.com>
Date: Thu, 7 May 2026 17:03:17 +0300
Subject: [PATCH] fix: block INSECURE_NO_AUTH on non-localhost webhook bindings
---
 gateway/platforms/webhook.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/gateway/platforms/webhook.py b/gateway/platforms/webhook.py
index 34e2dfa2c5..ee59a5f03a 100644
--- a/gateway/platforms/webhook.py
+++ b/gateway/platforms/webhook.py
@@ -125,7 +125,15 @@ class WebhookAdapter(BasePlatformAdapter):
 f"Set 'secret' on the route or globally. "
 f"For testing without auth, set secret to '{_INSECURE_NO_AUTH}'."
 )
-
+ # Safety rail: Prevent INSECURE_NO_AUTH on non-localhost bindings
+ if secret == _INSECURE_NO_AUTH:
+ if self._host not in ("127.0.0.1", "localhost"):
+ raise ValueError(
+ f"[webhook] Route '{name}' uses INSECURE_NO_AUTH secret "
+ f"but is bound to non-localhost host '{self._host}'. "
+ f"INSECURE_NO_AUTH is for local testing only. "
+ f"Refusing to start to prevent accidental exposure."
+ )
 # deliver_only routes bypass the agent — the POST body becomes a
 # direct push notification via the configured delivery target.
 # Validate up-front so misconfiguration surfaces at startup rather
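Review bot: The loopback test on the added `if self._host not in ("127.0.0.1", "localhost"):` line is an exact string match, so `::1`, any other 127.0.0.0/8 address and `LOCALHOST` are refused even though they are local-only; this fails closed, so it is a usability gap rather than a bypass. I would move the decision into a small helper built on the standard-library `ipaddress` module (the file needs `import ipaddress` if it does not already have it) and fold the two nested `if`s into one condition, as sketched below. The safety-rail comment should also record that a loopback bind does not prove the route is unreachable, e.g. `# NOTE: a reverse proxy, tunnel or container port mapping in front of this port still reaches the unauthenticated route.` The enclosing method starts and ends outside the hunk, and the diffstat lists only webhook.py, so the new refusal appears to ship without a test.

```python
def _is_loopback_host(host) -> bool:
    """Return True only when *host* names a loopback bind address."""
    if not isinstance(host, str):
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Not an IP literal (some other hostname): fail closed.
        return False

# … unchanged: missing-secret check …
if secret == _INSECURE_NO_AUTH and not _is_loopback_host(self._host):
    # … unchanged: raise ValueError(...) with the refusal message …
```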