FastAPI 0.131.0 includes Pydantic's Rust-based JSON serialization by default (PR #14962), making ORJSONResponse unnecessary. The new default serialization is 2x faster than the previous approach and eliminates the need for explicit orjson configuration.
Changes:
- Upgrade FastAPI from 0.130.0 to 0.131.0
- Remove orjson dependency (deprecated in 0.131.0)
- Remove ORJSONResponse import and configuration
- Use FastAPI's new default Pydantic-based serialization
Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com>
- Add healthcheck to Redis service in compose.yml and upgrade
depends_on from service_started to service_healthy so backend
and webhook-worker wait for Redis readiness.
- Add HTTP security headers middleware (X-Content-Type-Options,
X-Frame-Options, Referrer-Policy, Permissions-Policy) to the
FastAPI backend.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The previous fix fell back to the scheme's default port (443/80) when
url.port was empty, but url.port is empty for *both* 'wss://host:443'
and 'wss://host' — causing the validation to wrongly accept a URL with
no port at all.
Fix: inspect the raw authority segment of the URL string to check
whether a ':port' component is actually present, regardless of whether
that port is the scheme default.
Add gateway-form.test.ts covering:
- explicit non-default ports (accepted)
- explicit default ports :443 / :80 (accepted — regression case)
- missing port (rejected)
- wrong scheme (rejected)
- invalid URL (rejected)
- whitespace trimming
Closes#148
JavaScript's URL API omits .port for standard ports (443 for wss:,
80 for ws:) even when explicitly specified. This caused valid URLs
like wss://host.ts.net:443 to fail validation with 'Gateway URL
must include an explicit port.'
Fix by checking default ports when url.port is empty.
Closes#148
- Fix docstring formatting in _create_ssl_context
- Break long line in provisioning.py for better readability
Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com>
- Added allow_insecure_tls boolean field to Gateway model and schemas
- Created database migration for the new field
- Updated GatewayConfig to include allow_insecure_tls parameter
- Modified openclaw_call to create SSL context that disables verification when allow_insecure_tls is true
- Updated all GatewayConfig instantiations throughout the backend
- Added checkbox to frontend gateway form (create and edit pages)
- Updated API endpoints to handle the new field
Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com>
Prevents external access to Redis (6379) and Postgres (5432).
Both services are internal-only - containers communicate via
Docker network, host port binding only needed for local debugging.
Flagged by DigitalOcean security scan 2026-02-22.
