fix(voice-call): harden webhook pre-auth guards

Peter Steinberger
2026-03-22 23:32:30 -07:00
parent 2467fa4c5b
commit 651dc7450b
4 changed files with 246 additions and 38 deletions

@@ -183,6 +183,12 @@ requests are acknowledged but skipped for side effects.
Twilio conversation turns include a per-turn token in `<Gather>` callbacks, so
stale/replayed speech callbacks cannot satisfy a newer pending transcript turn.
Unauthenticated webhook requests are rejected before body reads when the
provider's required signature headers are missing.
The voice-call webhook uses the shared pre-auth body profile (64 KB / 5 seconds)
plus a per-IP in-flight cap before signature verification.
Example with a stable public host:
```json5
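Review bot: In the added sentence ending "plus a per-IP in-flight cap before signature verification", the cap's value and the address it keys on are not documented, while the body profile next to it is given concretely as 64 KB / 5 seconds. Since the example that follows is for a stable public host, state whether the per-IP key is the socket peer or a forwarded client address: if the deployment sits behind a proxy or tunnel, every provider callback can arrive from one address and legitimate webhooks would all count against a single cap. The paragraph on missing signature headers should also name the response such a request receives (and the one returned when the cap is hit), so operators can recognise these pre-auth rejections in their logs.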