fix(dev): restrict default CORS origins and WebSocket allowed origins to localhost #1222
Open
g0w6y wants to merge 1 commit into
… to localhost
The dev server defaulted to a wildcard CORS policy (Access-Control-Allow-Origin: *)
and registered the /run_live WebSocket endpoint with setAllowedOrigins("*"). Any page
loaded from an arbitrary origin could therefore read HTTP responses and complete a
cross-origin WebSocket handshake against a locally running dev server, giving a remote
site read and drive access to the agent.
- AdkWebCorsProperties: change the default allowed-origins fallback from ["*"] to
["http://localhost:8080", "http://127.0.0.1:8080"] so the dev UI keeps working out
of the box while all other origins are rejected by the browser.
- WebSocketConfig: inject AdkWebCorsProperties and derive the WebSocket allowed-origins
list from the same property, eliminating the separate hardcoded wildcard and keeping
both policies in sync. Users who need a broader allowlist can set
adk.web.cors.origins explicitly.
Problem
The dev server (AdkWebServer / adk web) ships two independent wildcard origin policies:
- HTTP CORS – AdkWebCorsProperties falls back to ["*"] when no origins are configured, so every response carries Access-Control-Allow-Origin: *. Any page on the internet can therefore read agent responses cross-origin.
- WebSocket (/run_live) – WebSocketConfig calls .setAllowedOrigins("*"), making the endpoint accept upgrade requests from any Origin header. This allows Cross-Site WebSocket Hijacking (CSWSH): a malicious page can open a live session against a dev server that is reachable from the victim's browser.
Combined, these let a remote origin read HTTP responses and drive the agent over WebSocket without any user interaction beyond visiting a page.
Fix
- AdkWebCorsProperties.java – change the default origins fallback from ["*"] to ["http://localhost:8080", "http://127.0.0.1:8080"]. The dev UI (served on the same host) continues to work; all other origins are blocked by the browser.
- WebSocketConfig.java – inject AdkWebCorsProperties and derive setAllowedOrigins from the same property instead of a separate hardcoded wildcard, so both policies stay in sync. Users who need a broader origin allowlist can set adk.web.cors.origins explicitly in their application properties.
Impact
- … localhost:8080).
- … adk.web.cors.origins.
- … /run_live for all default-configuration deployments.
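An added illustration, not code from this PR or from ADK: a standalone model of an exact-match Origin check on a WebSocket handshake, evaluated under the old wildcard default and the new localhost allowlist. The class name OriginAllowlist, its normalization rules, the choice to reject a missing Origin header and the sample Origin values are assumptions made for the example; a real framework may normalize differently.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;

// Added illustration (hypothetical class, not ADK or Spring code).
public class OriginAllowlist {
    private final boolean wildcard;
    private final Set<String> allowed;

    public OriginAllowlist(List<String> configured) {
        this.wildcard = configured.contains("*");
        this.allowed = configured.stream().map(OriginAllowlist::normalize)
                .filter(Objects::nonNull).collect(Collectors.toSet());
    }

    // Canonical scheme://host:port, or null when the value is not a parseable origin.
    static String normalize(String origin) {
        try {
            URI u = new URI(origin.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            int port = u.getPort() != -1 ? u.getPort() : scheme.equals("https") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (Exception e) { // null input or malformed URI
            return null;
        }
    }

    // Server-side decision for a handshake carrying this Origin header value.
    public boolean accepts(String originHeader) {
        if (wildcard) return true; // "*" admits every origin, including "null"
        String n = normalize(originHeader);
        return n != null && allowed.contains(n); // assumption: absent Origin is rejected
    }

    public static void main(String[] args) {
        OriginAllowlist before = new OriginAllowlist(List.of("*"));
        OriginAllowlist after = new OriginAllowlist(
                List.of("http://localhost:8080", "http://127.0.0.1:8080"));
        // Constructed Origin header values, not taken from the PR.
        for (String o : List.of("http://localhost:8080", "http://127.0.0.1:8080",
                "https://untrusted.example", "http://localhost.untrusted.example:8080",
                "http://localhost:3000", "null")) {
            System.out.printf("%-42s wildcard=%-5b localhost-only=%b%n",
                    o, before.accepts(o), after.accepts(o));
        }
    }
}
```

Under the wildcard policy every row is accepted; under the localhost allowlist only the two configured origins pass, and a lookalike host, a different port and the literal "null" origin are all rejected because the comparison is on the full scheme, host and port.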