Receipt · 57e5c9ae-4
ALLOWED_ORIGIN defaults to '*' but Access-Control-Allow-Credentials is always 'true'
The finding
- agent/src/api.ts:47-60
When DASHBOARD_ORIGIN is not set, ALLOWED_ORIGIN === '*' but the response also sets `access-control-allow-credentials: true`. Browsers reject this combination (cookies/auth headers won't be sent), and more importantly, hosting providers/load balancers that allow this header will accept cross-origin credentialed requests from anywhere, expanding attack surface for SIWE replay or CSRF if cookies are added later. The agent admin endpoints (POST /api/mode, /api/proposals/.../reject) could be hit cross-origin.
Fix
Reflect the request Origin only when it matches an allowlist, or refuse to emit Allow-Credentials when Allow-Origin is '*'. At minimum, default ALLOWED_ORIGIN to a safe value rather than '*'.
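A sketch of the fix described above, as an added example that is not the project's code from agent/src/api.ts: the Origin is reflected only on an exact allowlist match, and Allow-Credentials is emitted only together with a reflected origin. DASHBOARD_ORIGIN is the setting named in the finding; the function names, the comma-separated format and the sample origins are assumptions.

```typescript
// Added example. DASHBOARD_ORIGIN is the page's setting; every other name is hypothetical.
type CorsHeaders = Record<string, string>;

// An exact origin: scheme://host[:port], no path, no wildcard.
const ORIGIN_RE = /^https?:\/\/[a-z0-9.-]+(:\d+)?$/;

// Turn a comma-separated DASHBOARD_ORIGIN value into a set of exact origins.
// Unset, empty, '*' and malformed entries are dropped, so the default is
// "no cross-origin access" rather than "any origin".
function parseAllowlist(raw: string | undefined): Set<string> {
  const allowed = new Set<string>();
  for (const entry of (raw ?? "").split(",")) {
    const origin = entry.trim().toLowerCase().replace(/\/$/, "");
    if (ORIGIN_RE.test(origin)) allowed.add(origin);
  }
  return allowed;
}

// Build CORS response headers for one request.
function corsHeaders(requestOrigin: string | undefined, allowed: Set<string>): CorsHeaders {
  // Vary: Origin keeps shared caches from serving one origin's response to another.
  const headers: CorsHeaders = { vary: "Origin" };
  if (requestOrigin !== undefined && allowed.has(requestOrigin)) {
    // Reflect the exact matched origin; credentials are only ever paired with it.
    headers["access-control-allow-origin"] = requestOrigin;
    headers["access-control-allow-credentials"] = "true";
  }
  // No match: emit neither header, so the browser blocks the cross-origin read.
  return headers;
}
```
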
Evidence
no evidence
PoC
not attached
Repro
not attached
Call path
not attached
Agent attribution
The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.
anthropic
gpt-5
110.7s · error
openai
claude-opus-4-7
184.2s · error
Total
wall-clock review time · est. inference cost
184.2s · $0.40
Sweeper
closed at SHA 3c10efc
closed in 6 hours
internal review id · 57e5c9ae
Third-party witnesses
Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.
Closure receipt comment
https://github.com/AntFleet/bench-agentfloat/pull/3#issuecomment-4589953230
Original review comment
https://github.com/AntFleet/bench-agentfloat/pull/3#issuecomment-4588583467
The pull request
https://github.com/AntFleet/bench-agentfloat/pull/3