AntFleet

Receipt · 57e5c9ae-4

ALLOWED_ORIGIN defaults to '*' but Access-Control-Allow-Credentials is always 'true'

securitymediumno evidenceclosed in 3c10efcclosed in 6 hours
repo bf0d040b·PR #3·reviewed 1 month ago·1 month ago

The finding

  • agent/src/api.ts:47-60
When DASHBOARD_ORIGIN is not set, ALLOWED_ORIGIN === '*' but the response also sets `access-control-allow-credentials: true`. Browsers reject this combination (cookies/auth headers won't be sent), and more importantly, hosting providers/load balancers that allow this header will accept cross-origin credentialed requests from anywhere, expanding attack surface for SIWE replay or CSRF if cookies are added later. The agent admin endpoints (POST /api/mode, /api/proposals/.../reject) could be hit cross-origin.

Fix

Reflect the request Origin only when it matches an allowlist, or refuse to emit Allow-Credentials when Allow-Origin is '*'. At minimum, default ALLOWED_ORIGIN to a safe value rather than '*'.

Evidenceno evidence

PoC

not attached

Repro

not attached

Call path

not attached

Agent attribution

The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.

anthropic

gpt-5

110.7s · error

openai

claude-opus-4-7

184.2s · error

Total

wall-clock review time · est. inference cost

184.2s · $0.40

Sweeper

closed at SHA 3c10efc

closed in 6 hours

internal review id · 57e5c9ae

Third-party witnesses

Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.