What version of Kimi Code is running?
0.20.1 (commit 54baf5d)
Which open platform/subscription were you using?
Local development / none
Which model were you using?
N/A
What platform is your computer?
Darwin 24.6.0 arm64 arm
What issue are you seeing?
When running pnpm dev:web and pnpm dev:server to debug Kimi Code Web locally, the web UI loads fine after entering the server token, but the WebSocket connection to /api/v1/ws keeps failing with a "WebSocket error" toast in the status bar.
The browser console shows the WebSocket closes with code 1006 (abnormal closure). Inspecting the handshake shows the server responds with 403 Forbidden during the WebSocket upgrade.
What steps can reproduce the bug?
- Clone the repo and run
pnpm install.
- In one terminal, run
pnpm dev:server to start the local server.
- In another terminal, run
pnpm dev:web to start the Vite dev server.
- Open Chrome at
http://localhost:5175.
- Enter the server token when prompted.
- Open or create a session.
- Observe the status bar shows "实时连接出错 / WebSocket error" and the WebSocket repeatedly reconnects.
What is the expected behavior?
The WebSocket should connect successfully in local dev mode when the browser opens http://localhost:5175 and the server binds 127.0.0.1:58627, so that streaming events work without manual workarounds.
Additional information
The root cause appears to be the Origin check added in PR #1006 (feat(server): add bearer-token auth and safe host exposure).
During the WebSocket upgrade, the browser sends:
Origin: http://localhost:5175
Vite's dev proxy forwards the request to the server with:
The server's isOriginAllowed() compares localhost and 127.0.0.1, treats them as different origins, and rejects the handshake with 403.
This only affects the WebSocket path because changeOrigin: true rewrites the Host header but does not rewrite the Origin header for WebSocket upgrades.
Upstream Vite issue for the same class of problem: vitejs/vite#16557
What version of Kimi Code is running?
0.20.1 (commit
54baf5d)Which open platform/subscription were you using?
Local development / none
Which model were you using?
N/A
What platform is your computer?
Darwin 24.6.0 arm64 arm
What issue are you seeing?
When running
pnpm dev:webandpnpm dev:serverto debug Kimi Code Web locally, the web UI loads fine after entering the server token, but the WebSocket connection to/api/v1/wskeeps failing with a "WebSocket error" toast in the status bar.The browser console shows the WebSocket closes with code
1006(abnormal closure). Inspecting the handshake shows the server responds with403 Forbiddenduring the WebSocket upgrade.What steps can reproduce the bug?
pnpm install.pnpm dev:serverto start the local server.pnpm dev:webto start the Vite dev server.http://localhost:5175.What is the expected behavior?
The WebSocket should connect successfully in local dev mode when the browser opens
http://localhost:5175and the server binds127.0.0.1:58627, so that streaming events work without manual workarounds.Additional information
The root cause appears to be the Origin check added in PR #1006 (
feat(server): add bearer-token auth and safe host exposure).During the WebSocket upgrade, the browser sends:
Vite's dev proxy forwards the request to the server with:
The server's
isOriginAllowed()compareslocalhostand127.0.0.1, treats them as different origins, and rejects the handshake with 403.This only affects the WebSocket path because
changeOrigin: truerewrites theHostheader but does not rewrite theOriginheader for WebSocket upgrades.Upstream Vite issue for the same class of problem: vitejs/vite#16557