Skip to content

fix: harden local API and debug logging privacy#512

Open
scorp323 wants to merge 3 commits into
altic-dev:mainfrom
scorp323:oracle/batch-b-safe-hardening-20260703
Open

fix: harden local API and debug logging privacy#512
scorp323 wants to merge 3 commits into
altic-dev:mainfrom
scorp323:oracle/batch-b-safe-hardening-20260703

Conversation

@scorp323

@scorp323 scorp323 commented Jul 3, 2026

Copy link
Copy Markdown

Summary

  • Clarify README privacy wording around the local API.
  • Reject invalid Host and Origin headers in the local API request path.
  • Add an explicit forbidden reason phrase.
  • Make DebugLogger respect the disabled logging toggle before persisting or printing content-bearing log lines.

Verification

  • swiftc -typecheck Sources/Fluid/Services/LocalAPI/LocalAPIModels.swift
  • swiftc -typecheck Sources/Fluid/Services/DebugLogger.swift Sources/Fluid/Services/FileLogger.swift
  • Static guard checks for Host/Origin/DebugLogger behavior.

Notes

  • No dependency installs, credential reads, runtime/service starts, or destructive git operations were used.

- clarify local API privacy wording
- reject invalid Host and Origin headers
- add forbidden response reason phrase
- make DebugLogger respect the disabled logging toggle before persisting or printing logs

Verification:
- swiftc -typecheck Sources/Fluid/Services/LocalAPI/LocalAPIModels.swift
- swiftc -typecheck Sources/Fluid/Services/DebugLogger.swift Sources/Fluid/Services/FileLogger.swift
- static guard checks for Host/Origin/DebugLogger behavior

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5ebe91d64b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

return false
}
guard scheme == "http" || scheme == "https" else { return false }
return host == "localhost" || host == "127.0.0.1" || host == "::1"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Allow bracketed IPv6 loopback origins

When a browser or local client calls the API via IPv6 loopback, e.g. http://[::1]:47733, it sends an origin like http://[::1]:47733; URLComponents.host preserves the brackets for IPv6 literals, while this allow-list only compares against ::1. The router therefore returns 403 for IPv6 loopback requests even though the Host check explicitly accepts [::1], breaking clients that include an Origin header on the IPv6 loopback address.

Useful? React with 👍 / 👎.

Morpheus added 2 commits July 3, 2026 20:46
- bump package manifest tools version to 6.0 so .macOS(.v15) is available
- keep platform target at macOS 15

Verification:
- swift --version
- swift package dump-package
Allow URLComponents' bracketed [::1] host form for local API Origin checks so browser clients using IPv6 loopback are treated consistently with Host header validation.

Verification:
- swift package dump-package
- swift -e URLComponents loopback origin check
@scorp323

scorp323 commented Jul 3, 2026

Copy link
Copy Markdown
Author

Addressed the IPv6 loopback Origin feedback in 8121c00.

URLComponents.host returns the bracketed form for http://[::1]:47733 on this toolchain, so the local API Origin allow-list now accepts [::1] in addition to ::1, matching the existing Host-header behavior.

Verification run locally:

swift package dump-package
# FluidVoice macOS 15.0 package parsed OK

swift -e URLComponents loopback origin check
# http://[::1]:47733 [::1] true
# http://localhost:47733 localhost true
# http://127.0.0.1:47733 127.0.0.1 true

@scorp323

scorp323 commented Jul 3, 2026

Copy link
Copy Markdown
Author

Friendly workflow nudge: this PR is still waiting at the fork workflow approval gate (action_required) before checks can run.

Latest follow-up commit 8121c00 addressed the IPv6 loopback Origin feedback. Local verification:

swift package dump-package
# OK

URLComponents("http://[::1]:47733").host
# [::1]

Once the workflow is approved/run, I can follow up quickly on any concrete CI failure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant