惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
A
Arctic Wolf
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
C
CERT Recently Published Vulnerability Notes
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
Martin Fowler
Martin Fowler
A
About on SuperTechFans
P
Palo Alto Networks Blog
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
WordPress大学
WordPress大学
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
大猫的无限游戏
大猫的无限游戏
Cisco Talos Blog
Cisco Talos Blog
P
Proofpoint News Feed
D
DataBreaches.Net
Cyberwarzone
Cyberwarzone
T
Tor Project blog
IT之家
IT之家
P
Proofpoint News Feed
Help Net Security
Help Net Security
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
Microsoft Azure Blog
Microsoft Azure Blog
V2EX - 技术
V2EX - 技术
K
Kaspersky official blog
Hugging Face - Blog
Hugging Face - Blog
MongoDB | Blog
MongoDB | Blog
B
Blog
N
News and Events Feed by Topic
The Cloudflare Blog
S
Schneier on Security
P
Privacy & Cybersecurity Law Blog
T
The Blog of Author Tim Ferriss
Recorded Future
Recorded Future
Last Week in AI
Last Week in AI
The Last Watchdog
The Last Watchdog
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
LangChain Blog
I
InfoQ
F
Full Disclosure
The Register - Security
The Register - Security
阮一峰的网络日志
阮一峰的网络日志
H
Hacker News: Front Page
V
V2EX

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
fix(control-ui): allow configured chat message width · openclaw/openclaw@5fce2f6
BunsDev · 2026-05-02 · via Recent Commits to openclaw:main
Original file line numberDiff line numberDiff line change

@@ -13,6 +13,7 @@ Docs: https://docs.openclaw.ai

1313
1414

### Fixes

1515
16+

- Control UI: allow deployments to configure grouped chat message max-width with a validated `gateway.controlUi.chatMessageMaxWidth` setting instead of patching bundled CSS after upgrades. Fixes #67935. Thanks @xiew4589-lang.

1617

- Control UI/sessions: bound the default Sessions tab query to recent activity and fewer rows, avoiding expensive full-history loads while keeping filters editable. Fixes #76050. (#76051) Thanks @Neomail2.

1718

- Plugins/doctor: repair missing configured provider and channel plugins from ClawHub before npm fallback, preserving ClawPack metadata in the install record. Thanks @vincentkoc.

1819

- Gateway/channels: cap startup fanout at four channel/account handoffs and recover from Bonjour ciao self-probe races, reducing Windows startup stalls with many Telegram accounts. Fixes #75687.

Original file line numberDiff line numberDiff line change

@@ -1,4 +1,4 @@

1-

f3a0cf57605c6c25ce162080d2631c0256018c2ec128383d521153f65e69a699 config-baseline.json

2-

711b933e8748fe220d4be1bcc7df74503ab9c5973e967839302b8c5c773ecebf config-baseline.core.json

1+

cf956c5e58ec0e36cf47708b0cd42fa34b1f39d0da951de343be0ba6e5b28168 config-baseline.json

2+

057e444dfc78472bac172d9d8a7bd9c9a40f9ca4755268307cfcbd7e87a4d932 config-baseline.core.json

33

a2a949a99f5cc5960d4d7ae0159b6b48c4d6b1f813be67cda196457ab2f88034 config-baseline.channel.json

44

fffe0e74eab92a88c3c57952a70bc932438ce3a7f5f9982688437f2cdaee0bcb config-baseline.plugin.json

Original file line numberDiff line numberDiff line change

@@ -366,6 +366,7 @@ See [Plugins](/tools/plugin).

366366

// root: "dist/control-ui",

367367

// embedSandbox: "scripts", // strict | scripts | trusted

368368

// allowExternalEmbedUrls: false, // dangerous: allow absolute external http(s) embed URLs

369+

// chatMessageMaxWidth: "min(1280px, 82%)", // optional grouped chat message max-width

369370

// allowedOrigins: ["https://control.example.com"], // required for non-loopback Control UI

370371

// dangerouslyAllowHostHeaderOriginFallback: false, // dangerous Host-header origin fallback mode

371372

// allowInsecureAuth: false,

@@ -427,6 +428,7 @@ See [Plugins](/tools/plugin).

427428

lock out a different origin.

428429

- `tailscale.mode`: `serve` (tailnet only, loopback bind) or `funnel` (public, requires auth).

429430

- `controlUi.allowedOrigins`: explicit browser-origin allowlist for Gateway WebSocket connects. Required when browser clients are expected from non-loopback origins.

431+

- `controlUi.chatMessageMaxWidth`: optional max-width for grouped Control UI chat messages. Accepts constrained CSS width values such as `960px`, `82%`, `min(1280px, 82%)`, and `calc(100% - 2rem)`.

430432

- `controlUi.dangerouslyAllowHostHeaderOriginFallback`: dangerous mode that enables Host-header origin fallback for deployments that intentionally rely on Host-header origin policy.

431433

- `remote.transport`: `ssh` (default) or `direct` (ws/wss). For `direct`, `remote.url` must be `ws://` or `wss://`.

432434

- `OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1`: client-side process-environment

Original file line numberDiff line numberDiff line change

@@ -247,6 +247,22 @@ Use `trusted` only when the embedded document genuinely needs same-origin behavi

247247
248248

Absolute external `http(s)` embed URLs stay blocked by default. If you intentionally want `[embed url="https://..."]` to load third-party pages, set `gateway.controlUi.allowExternalEmbedUrls: true`.

249249
250+

## Chat message width

251+
252+

Grouped chat messages use a readable default max-width. Wide-monitor deployments can override it without patching bundled CSS by setting `gateway.controlUi.chatMessageMaxWidth`:

253+
254+

```json5

255+

{

256+

gateway: {

257+

controlUi: {

258+

chatMessageMaxWidth: "min(1280px, 82%)",

259+

},

260+

},

261+

}

262+

```

263+
264+

The value is validated before it reaches the browser. Supported values include plain lengths and percentages such as `960px` or `82%`, plus constrained `min(...)`, `max(...)`, `clamp(...)`, `calc(...)`, and `fit-content(...)` width expressions.

265+
250266

## Tailnet access (recommended)

251267
252268

<Tabs>

Original file line numberDiff line numberDiff line change

@@ -296,6 +296,52 @@ describe("gateway.controlUi.allowExternalEmbedUrls", () => {

296296

});

297297

});

298298
299+

describe("gateway.controlUi.chatMessageMaxWidth", () => {

300+

it("accepts constrained CSS width values", () => {

301+

for (const value of ["960px", "82%", "min(1280px, 82%)", "calc(100% - 2rem)"]) {

302+

const result = OpenClawSchema.safeParse({

303+

gateway: {

304+

controlUi: {

305+

chatMessageMaxWidth: value,

306+

},

307+

},

308+

});

309+

expect(result.success).toBe(true);

310+

if (result.success) {

311+

expect(result.data.gateway?.controlUi?.chatMessageMaxWidth).toBe(value);

312+

}

313+

}

314+

});

315+
316+

it("normalizes whitespace around the width value", () => {

317+

const result = OpenClawSchema.safeParse({

318+

gateway: {

319+

controlUi: {

320+

chatMessageMaxWidth: " min(1280px, 82%) ",

321+

},

322+

},

323+

});

324+
325+

expect(result.success).toBe(true);

326+

if (result.success) {

327+

expect(result.data.gateway?.controlUi?.chatMessageMaxWidth).toBe("min(1280px, 82%)");

328+

}

329+

});

330+
331+

it("rejects arbitrary CSS injection", () => {

332+

for (const value of ["url(https://example.com/x)", "960px; color: red", "var(--x)"]) {

333+

const result = OpenClawSchema.safeParse({

334+

gateway: {

335+

controlUi: {

336+

chatMessageMaxWidth: value,

337+

},

338+

},

339+

});

340+

expect(result.success).toBe(false);

341+

}

342+

});

343+

});

344+
299345

describe("plugins.entries.*.hooks", () => {

300346

it.each([true, false])("accepts allowConversationAccess=%s", (allowConversationAccess) => {

301347

const result = OpenClawSchema.safeParse({

Original file line numberDiff line numberDiff line change

@@ -0,0 +1,60 @@

1+

const CSS_WIDTH_KEYWORDS = new Set(["none", "min-content", "max-content"]);

2+

const CSS_WIDTH_FUNCTIONS = new Set(["calc", "clamp", "fit-content", "max", "min"]);

3+

const CSS_WIDTH_UNITS = new Set(["ch", "em", "rem", "vh", "vmax", "vmin", "vw", "px"]);

4+

const CSS_WIDTH_ALLOWED_CHARS = /^[0-9A-Za-z.%+\-*/(),\s]+$/;

5+

const CSS_WIDTH_IDENTIFIER_RE = /[A-Za-z][A-Za-z0-9-]*/g;

6+

const CSS_WIDTH_SIMPLE_RE = /^(?:\d+(?:\.\d+)?|\.\d+)(?:px|rem|em|ch|vw|vh|vmin|vmax|%)$/i;

7+

const CSS_WIDTH_MAX_LENGTH = 96;

8+
9+

function hasBalancedParentheses(value: string): boolean {

10+

let depth = 0;

11+

for (const char of value) {

12+

if (char === "(") {

13+

depth++;

14+

} else if (char === ")") {

15+

depth--;

16+

if (depth < 0) {

17+

return false;

18+

}

19+

}

20+

}

21+

return depth === 0;

22+

}

23+
24+

function hasAllowedIdentifiers(value: string): boolean {

25+

for (const match of value.matchAll(CSS_WIDTH_IDENTIFIER_RE)) {

26+

const identifier = match[0].toLowerCase();

27+

if (

28+

!CSS_WIDTH_FUNCTIONS.has(identifier) &&

29+

!CSS_WIDTH_KEYWORDS.has(identifier) &&

30+

!CSS_WIDTH_UNITS.has(identifier)

31+

) {

32+

return false;

33+

}

34+

}

35+

return true;

36+

}

37+
38+

export function normalizeControlUiChatMessageMaxWidth(value: string): string {

39+

return value.trim().replace(/\s+/g, " ");

40+

}

41+
42+

export function isValidControlUiChatMessageMaxWidth(value: string): boolean {

43+

const normalized = normalizeControlUiChatMessageMaxWidth(value);

44+

if (normalized.length === 0 || normalized.length > CSS_WIDTH_MAX_LENGTH) {

45+

return false;

46+

}

47+

if (CSS_WIDTH_KEYWORDS.has(normalized.toLowerCase())) {

48+

return true;

49+

}

50+

if (CSS_WIDTH_SIMPLE_RE.test(normalized)) {

51+

return true;

52+

}

53+

if (!CSS_WIDTH_ALLOWED_CHARS.test(normalized)) {

54+

return false;

55+

}

56+

if (!hasBalancedParentheses(normalized) || !hasAllowedIdentifiers(normalized)) {

57+

return false;

58+

}

59+

return /^(?:calc|clamp|fit-content|max|min)\(.+\)$/i.test(normalized);

60+

}

Original file line numberDiff line numberDiff line change

@@ -22293,6 +22293,11 @@ export const GENERATED_BASE_CONFIG_SCHEMA: BaseConfigSchemaResponse = {

2229322293

description:

2229422294

"DANGEROUS toggle that allows hosted embeds to load absolute external http(s) URLs. Keep this off unless your Control UI intentionally embeds trusted third-party pages; hosted /__openclaw__/canvas and /__openclaw__/a2ui documents do not need it.",

2229522295

},

22296+

chatMessageMaxWidth: {

22297+

title: "Control UI Chat Message Max Width",

22298+

description:

22299+

'Optional CSS max-width for grouped Control UI chat messages, for example "960px", "82%", or "min(1280px, 82%)". Values are validated against a constrained width grammar before reaching the browser.',

22300+

},

2229622301

allowedOrigins: {

2229722302

type: "array",

2229822303

items: {

@@ -25988,6 +25993,11 @@ export const GENERATED_BASE_CONFIG_SCHEMA: BaseConfigSchemaResponse = {

2598825993

help: "DANGEROUS toggle that allows hosted embeds to load absolute external http(s) URLs. Keep this off unless your Control UI intentionally embeds trusted third-party pages; hosted /__openclaw__/canvas and /__openclaw__/a2ui documents do not need it.",

2598925994

tags: ["security", "access", "network", "advanced"],

2599025995

},

25996+

"gateway.controlUi.chatMessageMaxWidth": {

25997+

label: "Control UI Chat Message Max Width",

25998+

help: 'Optional CSS max-width for grouped Control UI chat messages, for example "960px", "82%", or "min(1280px, 82%)". Values are validated against a constrained width grammar before reaching the browser.',

25999+

tags: ["advanced"],

26000+

},

2599126001

"gateway.controlUi.allowedOrigins": {

2599226002

label: "Control UI Allowed Origins",

2599326003

help: 'Allowed browser origins for Control UI/WebChat websocket connections (full origins only, e.g. https://control.example.com). Required for non-loopback Control UI deployments unless dangerous Host-header fallback is explicitly enabled. Setting ["*"] means allow any browser origin and should be avoided outside tightly controlled local testing.',

Original file line numberDiff line numberDiff line change

@@ -458,6 +458,8 @@ export const FIELD_HELP: Record<string, string> = {

458458

'Iframe sandbox policy for hosted Control UI embeds. "strict" disables scripts, "scripts" allows interactive embeds while keeping origin isolation (default), and "trusted" adds `allow-same-origin` for same-site documents that intentionally need stronger privileges.',

459459

"gateway.controlUi.allowExternalEmbedUrls":

460460

"DANGEROUS toggle that allows hosted embeds to load absolute external http(s) URLs. Keep this off unless your Control UI intentionally embeds trusted third-party pages; hosted /__openclaw__/canvas and /__openclaw__/a2ui documents do not need it.",

461+

"gateway.controlUi.chatMessageMaxWidth":

462+

'Optional CSS max-width for grouped Control UI chat messages, for example "960px", "82%", or "min(1280px, 82%)". Values are validated against a constrained width grammar before reaching the browser.',

461463

"gateway.controlUi.allowedOrigins":

462464

'Allowed browser origins for Control UI/WebChat websocket connections (full origins only, e.g. https://control.example.com). Required for non-loopback Control UI deployments unless dangerous Host-header fallback is explicitly enabled. Setting ["*"] means allow any browser origin and should be avoided outside tightly controlled local testing.',

463465

"gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback":

Original file line numberDiff line numberDiff line change

@@ -308,6 +308,7 @@ export const FIELD_LABELS: Record<string, string> = {

308308

"gateway.controlUi.root": "Control UI Assets Root",

309309

"gateway.controlUi.embedSandbox": "Control UI Embed Sandbox Mode",

310310

"gateway.controlUi.allowExternalEmbedUrls": "Allow External Control UI Embed URLs",

311+

"gateway.controlUi.chatMessageMaxWidth": "Control UI Chat Message Max Width",

311312

"gateway.controlUi.allowedOrigins": "Control UI Allowed Origins",

312313

"gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback":

313314

"Dangerously Allow Host-Header Origin Fallback",

Original file line numberDiff line numberDiff line change

@@ -45,6 +45,7 @@ const TAG_OVERRIDES: Record<string, ConfigTag[]> = {

4545

"gateway.push.apns.relay.baseUrl": ["network", "advanced"],

4646

"gateway.controlUi.embedSandbox": ["security", "access", "advanced"],

4747

"gateway.controlUi.allowExternalEmbedUrls": ["security", "access", "network", "advanced"],

48+

"gateway.controlUi.chatMessageMaxWidth": ["advanced"],

4849

"gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback": [

4950

"security",

5051

"access",