From dabeacb2479226370e2828b15ef4cec337f42af8 Mon Sep 17 00:00:00 2001 From: ABILASH K B Date: Mon, 25 May 2026 22:30:07 +0530 Subject: [PATCH 1/2] docs: document insecure git access env var --- openhands/usage/environment-variables.mdx | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/openhands/usage/environment-variables.mdx b/openhands/usage/environment-variables.mdx index 85124c03..2245ca97 100644 --- a/openhands/usage/environment-variables.mdx +++ b/openhands/usage/environment-variables.mdx @@ -166,6 +166,21 @@ These variables correspond to the `[security]` section in `config.toml`: ## Integration Variables +### Git Provider Access +| Environment Variable | Type | Default | Description | +|---------------------|------|---------|-------------| +| `ALLOW_INSECURE_GIT_ACCESS` | boolean | `false` | Allow OpenHands to connect to git providers over plain HTTP. Set this only for trusted local or internal Gitea/Forgejo instances where HTTPS is not available. | + + + `ALLOW_INSECURE_GIT_ACCESS=true` permits insecure HTTP connections to git providers. Only enable it for trusted local or internal networks that you control. Do not use it for public or untrusted git providers. + + +When running OpenHands with Docker, set this on the OpenHands server container: + +```bash +docker run -e ALLOW_INSECURE_GIT_ACCESS=true openhands/openhands +``` + ### GitHub Integration | Environment Variable | Type | Default | Description | |---------------------|------|---------|-------------| @@ -249,4 +264,4 @@ export DEBUG_RUNTIME=true docker run -e LLM_API_KEY="your-key" -e DEBUG=true openhands/openhands ``` -6. **Validation**: Invalid environment variable values will be logged as errors and fall back to defaults. \ No newline at end of file +6. **Validation**: Invalid environment variable values will be logged as errors and fall back to defaults. From 33cca9483b45d2ad1ea9e3b3bb0ef0efe0a83ee6 Mon Sep 17 00:00:00 2001 From: ABILASH K B Date: Thu, 28 May 2026 12:03:38 +0530 Subject: [PATCH 2/2] docs: generalize insecure git provider wording --- openhands/usage/environment-variables.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openhands/usage/environment-variables.mdx b/openhands/usage/environment-variables.mdx index 2245ca97..2e793af3 100644 --- a/openhands/usage/environment-variables.mdx +++ b/openhands/usage/environment-variables.mdx @@ -169,7 +169,7 @@ These variables correspond to the `[security]` section in `config.toml`: ### Git Provider Access | Environment Variable | Type | Default | Description | |---------------------|------|---------|-------------| -| `ALLOW_INSECURE_GIT_ACCESS` | boolean | `false` | Allow OpenHands to connect to git providers over plain HTTP. Set this only for trusted local or internal Gitea/Forgejo instances where HTTPS is not available. | +| `ALLOW_INSECURE_GIT_ACCESS` | boolean | `false` | Allow OpenHands to connect to git providers over plain HTTP. Set this only for trusted local or internal git providers (such as Gitea/Forgejo) where HTTPS is not available. | `ALLOW_INSECURE_GIT_ACCESS=true` permits insecure HTTP connections to git providers. Only enable it for trusted local or internal networks that you control. Do not use it for public or untrusted git providers.