openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: BUG-009 setTimeout syntax, BUG-010 CORS helmet policy, BUG-011 content-type validation

Browse source
This commit is contained in:
OpenClaw 2026-02-14 15:34:21 +00:00
parent 6891e488b6
commit d8bc3fd8e6
3 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
public/app.js
View file

@ -67,7 +67,7 @@ function copyKey() {
var key = document.getElementById('apiKeyDisplay').textContent;
navigator.clipboard.writeText(key).then(function() {
var btn = document.getElementById('apiKeyDisplay'); var origText = btn.textContent; btn.textContent = 'Copied!'; document.querySelector('.copy-hint').textContent = '✓ Copied!';
setTimeout(function() { btn.textContent = origText; document.querySelector('.copy-hint').textContent = 'Click to copy';
setTimeout(function() { btn.textContent = origText; document.querySelector('.copy-hint').textContent = 'Click to copy'; }, 2000);
});
}

2
src/index.ts
View file

@ -20,7 +20,7 @@ const PORT = parseInt(process.env.PORT || "3100", 10);
// Load API keys from persistent store
loadKeys();
app.use(helmet());
app.use(helmet({ crossOriginResourcePolicy: { policy: "cross-origin" } }));
// CORS — allow browser requests from the landing page
app.use((req, res, next) => {

6
src/routes/convert.ts
View file

@ -18,6 +18,12 @@ interface ConvertBody {
// POST /v1/convert/html
convertRouter.post("/html", async (req: Request, res: Response) => {
try {
// Reject non-JSON content types
const ct = req.headers["content-type"] || "";
if (!ct.includes("application/json")) {
res.status(415).json({ error: "Unsupported Content-Type. Use application/json." });
return;
}
const body: ConvertBody =
typeof req.body === "string" ? { html: req.body } : req.body;