hermes-agent/hermes_cli/web_server.py at 2ababfe6edf815248daa1d123bd6568e04cfd7f4

mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-06 10:47:12 +08:00

Files

Siddharth Balyan 585d6778da fix: allow WebSocket connections from non-loopback IPs in --insecure mode (#18633 )

When the dashboard is bound to 0.0.0.0 with --insecure (e.g. behind
Tailscale Serve), WebSocket endpoints (/api/pty, /api/ws, /api/pub,
/api/events) rejected connections from non-loopback client IPs with
code 4403 — causing 'events feed disconnected' in the UI.

Extract the repeated loopback check into _ws_client_is_allowed() which
respects the public bind flag. Session token auth still guards all
endpoints regardless of bind mode.

2026-05-02 08:17:45 +05:30

151 KiB

Raw Blame History

View Raw

151 KiB Raw Blame History

151 KiB

Raw Blame History