by quietsegfault
72 days ago
It’s possible, and maybe even trivial, to hit a malicious website that tries to connect to the OpenClaw port on your local machine. A malicious web page runs JavaScript that makes a fetch() or XMLHttpRequest to http://localhost:CLAWPORT — your browser executes that from your machine, so it bypasses your router/firewall entirely. If OpenClaw is listening on localhost with no auth, the browser just connects to it. Same-origin policy doesn’t save you because the request originates from your own machine.
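One way a localhost service can close the gap described in the comment above, as an added example that is not part of the original comment and is not OpenClaw's code: check Host and Origin and require a token on every request. The port, token and origin values are constructed placeholders, and `gate` and `sameSecret` are hypothetical names.

```javascript
// Added example: request gate for a loopback-only HTTP service.
// PORT, TOKEN and the allow-lists are constructed placeholders, not OpenClaw values.
const PORT = 8765;
const TOKEN = "constructed-sample-token-0123456789";
const ALLOWED_HOSTS = new Set([`localhost:${PORT}`, `127.0.0.1:${PORT}`, `[::1]:${PORT}`]);
const ALLOWED_ORIGINS = new Set([`http://localhost:${PORT}`, `http://127.0.0.1:${PORT}`]);

// Compare without stopping at the first differing character.
// (In Node, crypto.timingSafeEqual on equal-length buffers does the same job.)
function sameSecret(presented, expected) {
  let diff = presented.length ^ expected.length;
  for (let i = 0; i < presented.length; i++) {
    diff |= presented.charCodeAt(i) ^ expected.charCodeAt(i % expected.length);
  }
  return diff === 0;
}

// headers: lower-cased header names, as Node's http module provides them.
function gate(headers) {
  // 1. Host must name the loopback listener; a DNS-rebinding page sends its own hostname.
  if (!ALLOWED_HOSTS.has(headers["host"] || "")) {
    return { status: 403, reason: "unexpected Host" };
  }
  // 2. Browsers attach Origin to CORS-mode fetch()/XHR and to non-GET requests.
  const origin = headers["origin"];
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, reason: "foreign Origin" };
  }
  // 3. A no-cors GET or a non-browser client carries no Origin, so a token is still required.
  const m = /^Bearer (.+)$/.exec(headers["authorization"] || "");
  if (!m || !sameSecret(m[1], TOKEN)) {
    return { status: 401, reason: "missing or wrong token" };
  }
  return { status: 200, reason: "ok" };
}

// Constructed sample requests (header maps only).
const SAMPLES = {
  webPage:   { host: `localhost:${PORT}`, origin: "https://untrusted.example" },
  rebinding: { host: `untrusted.example:${PORT}`, authorization: `Bearer ${TOKEN}` },
  noToken:   { host: `127.0.0.1:${PORT}` },
  localCli:  { host: `127.0.0.1:${PORT}`, authorization: `Bearer ${TOKEN}` },
};
for (const [name, h] of Object.entries(SAMPLES)) console.log(name, gate(h));
```

In a Node `http` handler, call `gate(req.headers)` before any routing and return the status it gives when it is not 200.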