Files
goose/crates
Michael Neale 86e0ced494 fix(acp): restrict CORS origins on unauthenticated ACP endpoint
The ACP transport (/acp) is served on loopback and, in CLI mode, is
unauthenticated while being able to spawn shells via the default
`developer` builtin. Its CORS layer used `allow_origin(Any)`, returning
`Access-Control-Allow-Origin: *` to any origin. This let a malicious
website the victim visits drive the agent from the browser
(CSRF -> RCE). See CWE-942.

Replace the wildcard with an origin predicate that only permits origins
legitimate local clients use:
- `null` (Electron file:// renderer)
- loopback origins (localhost, 127.0.0.1, ::1) on any scheme/port

Arbitrary web origins, including look-alikes like localhost.evil.example,
are rejected.

Also gate the test-only `clear_env` builder behind the `aws-providers`
feature (its only call sites), fixing a dead-code clippy warning that
blocked `cargo clippy --all-targets -- -D warnings`.

Fixes project-loupe/audit-goose#2
2026-06-19 13:09:24 +10:00
..