The main chat endpoint is currently exposed without authentication and with permissive CORS settings, which introduces a security risk.
This configuration allows any web page opened in a user's browser to make requests to the local agent running at:
http://localhost:18789/api/chat
If the gateway is running locally, a malicious or compromised website could interact with the agent without the user's consent: the browser sends the cross-origin request, and because no credential is required and the CORS headers permit it, the gateway processes it as if it came from the user.
You can test this on any site by running:
    fetch('http://localhost:18789/api/chat', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        message: "what is my name",
        history: [],
        useTools: false,
        sessionId: "test"
      })
    })
      .then(r => r.text())
      .then(console.log)
      .catch(console.error)